wifi: ath11k: fix RCU stall while reaping monitor destination ring

CVE	CVE-2024-58097
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2025-04-16 15:15:53 UTC
Updated	2026-04-06 13:42:43 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix RCU stall while reaping monitor destination ring While processing the monitor destination ring, MSDUs are reaped from the link descriptor based on the corresponding buf_id. However, sometimes the driver cannot obtain a valid buffer corresponding to the buf_id received from the hardware. This causes an infinite loop in the destination processing, resulting in a kernel crash. kernel log: ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309 ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309 ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed Fix this by skipping the problematic buf_id and reaping the next entry, replacing the break with the next MSDU processing. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.000530000 probability, percentile 0.166490000 (date 2026-04-07)

Problem Types: CWE-835 | CWE-835 CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	5.5	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`
3.1	ADP	DECLARED	5.5	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`
3.1	134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	5.5	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected d5c65159f2895379e11ca13f62feabe93278985d 8db5de0cf02fccf4c759aa58edbe65659daf607c git	Not specified
CNA	Linux	Linux	affected d5c65159f2895379e11ca13f62feabe93278985d 9f1a002f0171d27f3554e529f3c70df438f05dfe git	Not specified
CNA	Linux	Linux	affected d5c65159f2895379e11ca13f62feabe93278985d b4991fc41745645f8050506f5a8578bd11e6b378 git	Not specified
CNA	Linux	Linux	affected d5c65159f2895379e11ca13f62feabe93278985d 16c6c35c03ea73054a1f6d3302a4ce4a331b427d git	Not specified
CNA	Linux	Linux	affected 5.6	Not specified
CNA	Linux	Linux	unaffected 5.6 semver	Not specified
CNA	Linux	Linux	unaffected 6.6.122 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.68 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.14.2 6.14.* semver	Not specified
CNA	Linux	Linux	unaffected 6.15 * original_commit_for_fix	Not specified

Reference	Source	Link	Tags
git.kernel.org/stable/c/9f1a002f0171d27f3554e529f3c70df438f05dfe	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/8db5de0cf02fccf4c759aa58edbe65659daf607c	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/16c6c35c03ea73054a1f6d3302a4ce4a331b427d	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/b4991fc41745645f8050506f5a8578bd11e6b378	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.