CVE-2024-42125
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's rtw89 WiFi driver could cause kernel crashes when systems with BIOS policies blocking 6GHz WiFi attempt to perform scan operations. This affects Linux systems using rtw89 WiFi chips with BIOS configurations that disable 6GHz bands.
💻 Affected Systems
- Linux kernel with rtw89 WiFi driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash or instability when WiFi scanning operations are performed on affected hardware configurations.
If Mitigated
No impact if BIOS doesn't block 6GHz bands or if the system isn't performing WiFi scans.
🎯 Exploit Status
Exploitation requires ability to trigger WiFi scan operations on affected hardware. Likely discovered through code review/fuzzing rather than active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits bb38626f3f97e16e6d368a9ff6daf320f3fe31d9 and ce4ba62f8bc5195a9a0d49c6235a9c99e619cadc
Vendor Advisory: https://git.kernel.org/stable/c/bb38626f3f97e16e6d368a9ff6daf320f3fe31d9
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check with your distribution for backported patches. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable rtw89 driver
linuxTemporarily disable the vulnerable WiFi driver
sudo modprobe -r rtw89_core
sudo modprobe -r rtw89_pci
Enable 6GHz in BIOS
allIf possible, enable 6GHz WiFi support in BIOS to avoid the NULL condition
🧯 If You Can't Patch
- Avoid WiFi scanning operations on affected systems
- Use alternative WiFi hardware or disable WiFi entirely if not needed
🔍 How to Verify
Check if Vulnerable:
Check if using rtw89 driver: lsmod | grep rtw89. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions. Test WiFi scanning functionality.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in dmesg
- WiFi driver crash logs
Network Indicators:
- Unexpected WiFi disconnections
- Failed scan operations
SIEM Query:
source="kernel" AND ("NULL pointer" OR "panic" OR "rtw89")