CVE-2024-38572

7.1 HIGH

📋 TL;DR

This vulnerability in the Linux kernel's ath12k WiFi driver allows out-of-bounds memory access when processing QMI messages, potentially leading to kernel crashes or arbitrary code execution. It affects Linux systems using vulnerable versions of the ath12k driver, particularly those with Qualcomm QCN9274 WiFi hardware. The issue occurs due to a missing terminator entry in a message handler array.
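The terminator pattern behind this bug, as an added example that is not code from this page or from the ath12k driver: a simplified model of a QMI handler table and of the sentinel-terminated walk that the kernel's qmi_invoke_handler() performs, beside a bounds-safe check that a table actually ends in a terminator. The struct layout, handler names and msg_id values are constructed placeholders, not the driver's real definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed, simplified model of a QMI handler table entry. The walker
 * below, like the kernel's qmi_invoke_handler(), stops at the first entry
 * whose fn is NULL, so every table must end with such a terminator. */
typedef void (*qmi_fn_t)(const void *msg);
struct qmi_msg_handler {
    uint8_t  type;
    uint16_t msg_id;
    qmi_fn_t fn;
};

static void handle_fw_ready(const void *msg)    { (void)msg; }
static void handle_mem_request(const void *msg) { (void)msg; }

/* Table shaped like the pre-fix driver: no terminating entry (msg_ids constructed). */
static const struct qmi_msg_handler handlers_unterminated[] = {
    { .type = 4, .msg_id = 0x0021, .fn = handle_fw_ready },
    { .type = 4, .msg_id = 0x0022, .fn = handle_mem_request },
};

/* Table shaped like the fixed driver: the last entry with fn == NULL is the sentinel. */
static const struct qmi_msg_handler handlers_fixed[] = {
    { .type = 4, .msg_id = 0x0021, .fn = handle_fw_ready },
    { .type = 4, .msg_id = 0x0022, .fn = handle_mem_request },
    { .fn = NULL }, /* terminator */
};

/* Bounds-safe check: is the last element a terminator? Reads only index
 * n-1, so it is safe to run even on the broken table. */
static bool qmi_table_terminated(const struct qmi_msg_handler *tbl, size_t n)
{
    return n > 0 && tbl[n - 1].fn == NULL;
}

/* Sentinel walk modelled on qmi_invoke_handler(). Only call it on a table
 * that passed qmi_table_terminated(); on an unterminated table the loop
 * reads past the end of the array, which is this CVE's defect. */
static qmi_fn_t qmi_find_handler(const struct qmi_msg_handler *tbl,
                                 uint8_t type, uint16_t msg_id)
{
    for (const struct qmi_msg_handler *h = tbl; h->fn; h++)
        if (h->type == type && h->msg_id == msg_id)
            return h->fn;
    return NULL; /* reached the terminator without a match */
}
```

A check like qmi_table_terminated() is cheap to keep in a driver's self-test or in a review script, because the sentinel walk itself cannot detect a missing terminator.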

💻 Affected Systems

Products:
  • Linux kernel ath12k WiFi driver
Versions: Linux kernel versions with vulnerable ath12k driver (specific versions not specified in CVE, but patches available for multiple stable branches)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires ath12k driver to be loaded and active, typically on systems with Qualcomm QCN9274 WiFi hardware. Tested on QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential kernel-level arbitrary code execution with root privileges.

🟠

Likely Case

System instability, kernel crashes, or denial of service when processing specific QMI messages.

🟢

If Mitigated

Limited to kernel crashes if exploit attempts fail or are contained by kernel protections.

🌐 Internet-Facing: MEDIUM - Requires WiFi connectivity and specific QMI message processing, but could be triggered remotely via network packets.
🏢 Internal Only: MEDIUM - Same technical risk but requires network access to the affected system's WiFi interface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending crafted QMI messages to trigger the out-of-bounds access. No public exploit code identified, but the vulnerability is well-documented in kernel commits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 95575de7dede7b1ed3b9718dab9dda97914ea775, a1abdb63628b04855a929850772de97435ed1555, b48d40f5840c505b7af700594aa8379eec28e925, e1bdff48a1bb4a4ac660c19c55a820968c48b3f2

Vendor Advisory: https://git.kernel.org/stable/c/95575de7dede7b1ed3b9718dab9dda97914ea775

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version containing the fix commits.
2. Reboot the system to load the new kernel.
3. Verify that the ath12k driver is updated.

🔧 Temporary Workarounds

Disable ath12k driver

Unload the vulnerable ath12k driver if not required

sudo modprobe -r ath12k

Blacklist ath12k module

Prevent ath12k driver from loading at boot

echo 'blacklist ath12k' | sudo tee /etc/modprobe.d/ath12k-blacklist.conf
sudo update-initramfs -u

🧯 If You Can't Patch

  • Restrict network access to WiFi interfaces using firewalls
  • Monitor system logs for kernel panic or KASAN warnings related to ath12k

🔍 How to Verify

Check if Vulnerable:

Check whether the ath12k module is loaded: lsmod | grep ath12k. Then check the running kernel version and whether it contains the fix commits listed above.

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel version includes the fix commits. Check dmesg for the absence of KASAN warnings that reference ath12k_qmi_msg_handlers.

📡 Detection & Monitoring

Log Indicators:

  • KASAN warnings mentioning ath12k_qmi_msg_handlers
  • Kernel panic logs
  • Out-of-bounds access errors in kernel logs

Network Indicators:

  • Unusual QMI message traffic to WiFi interfaces

SIEM Query:

source="kernel" AND ("ath12k" OR "KASAN" OR "out-of-bounds")