CVE-2024-35946
📋 TL;DR
This CVE describes a null pointer dereference vulnerability in the Linux kernel's rtw89 WiFi driver. When canceling a scan operation, the driver might attempt to use a virtual interface (vif) that wasn't actually scanning, leading to a kernel crash. This affects Linux systems using the rtw89 driver for Realtek WiFi chips.
💻 Affected Systems
- Linux kernel with rtw89 driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical access to restart the system.
Likely Case
System crash or instability when WiFi scanning operations are interrupted, causing temporary denial of service until system reboot.
If Mitigated
Minor system instability that might require restarting WiFi services or rebooting the affected system.
🎯 Exploit Status
Exploitation requires local access and ability to trigger WiFi scanning operations. No known public exploits available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 4f11c741908dab7dd48fa5a986b210d4fc74ca8d, 7e11a2966f51695c0af0b1f976a32d64dee243b2, b34d64e9aa5505e3c84570aed5c757f1839573e8
Vendor Advisory: https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Rebuild kernel if compiling from source. 3. Reboot system to load patched kernel.
🔧 Temporary Workarounds
Disable WiFi scanning
linuxPrevent WiFi scanning operations that could trigger the vulnerability
sudo iw dev wlan0 set power_save off
sudo nmcli radio wifi off
Use alternative WiFi driver
linuxSwitch to a different WiFi driver if available for your hardware
sudo modprobe -r rtw89_core
sudo modprobe alternative_driver
🧯 If You Can't Patch
- Restrict WiFi interface access to trusted users only
- Monitor system logs for kernel panic events related to WiFi operations
🔍 How to Verify
Check if Vulnerable:
Check if rtw89 driver is loaded: lsmod | grep rtw89. Check kernel version: uname -r and compare with patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits. Check dmesg for absence of null pointer errors during WiFi operations.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in dmesg
- Null pointer dereference errors in system logs
- WiFi driver crash logs
Network Indicators:
- Sudden WiFi disconnections
- Unusual scan cancellation patterns
SIEM Query:
source="kernel" AND ("null pointer" OR "panic" OR "Oops") AND "rtw89"🔗 References
- https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d
- https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2
- https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8
- https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d
- https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2
- https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8
