Login Sign Up

CVE-2024-43842

7.8 HIGH
Denial of Service

📋 TL;DR

This CVE describes an array index out-of-bounds vulnerability in the Linux kernel's rtw89 WiFi driver. An attacker could potentially exploit this to cause a kernel panic (denial of service) or possibly execute arbitrary code with kernel privileges. Systems using affected versions of the Linux kernel with the rtw89 driver loaded are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing the vulnerable rtw89 driver code before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable if rtw89 driver is loaded (typically for Realtek 8852/8852A/8852B WiFi chips). Many systems may not have this driver active.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to arbitrary code execution with kernel privileges, system compromise, or persistent denial of service.

🟠

Likely Case

Kernel panic causing system crash and denial of service, requiring physical or remote console access to reboot.

🟢

If Mitigated

Minor performance impact or system instability if triggered accidentally, but no compromise due to other kernel protections.

🌐 Internet-Facing: LOW - Requires WiFi connectivity and driver interaction; not directly exploitable over internet without WiFi access.
🏢 Internal Only: MEDIUM - Internal attackers with WiFi access could potentially trigger this, but exploitation requires specific conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires specific WiFi driver interaction and kernel memory manipulation knowledge

No public exploits known. Exploitation would require sending crafted WiFi frames to trigger the vulnerable code path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 7a0edc3d83aff3a48813d78c9cad9daf38decc74, 85099c7ce4f9e64c66aa397cd9a37473637ab891, 96ae4de5bc4c8ba39fd072369398f59495b73f58, a2a095c08b95372d6d0c5819b77f071af5e75366

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable rtw89 driver

linux

Prevent loading of the vulnerable driver module

echo 'blacklist rtw89_core' | sudo tee /etc/modprobe.d/blacklist-rtw89.conf
sudo modprobe -r rtw89_core rtw89_pci
sudo update-initramfs -u

Disable WiFi interface

linux

Turn off WiFi to prevent driver interaction

sudo ip link set wlan0 down
sudo nmcli radio wifi off

🧯 If You Can't Patch

  • Disable WiFi functionality entirely on affected systems
  • Use wired networking instead of WiFi where possible
  • Implement network segmentation to isolate WiFi networks
  • Monitor for kernel panic/crash events related to rtw89 driver

🔍 How to Verify

Check if Vulnerable:

Check if rtw89 driver is loaded: lsmod | grep rtw89. Check kernel version: uname -r and compare with patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond fix commits. Check driver is still functional: dmesg | grep rtw89 for error-free operation.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • Oops messages mentioning rtw89 driver
  • System crash/reboot events

Network Indicators:

  • Unusual WiFi frame patterns targeting rtw89 devices
  • Multiple connection attempts to WiFi interfaces

SIEM Query:

source="kernel" AND ("panic" OR "Oops") AND "rtw89"

📊 Metadata

CVE ID: CVE-2024-43842
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-129
Published: August 17, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43842, you might also want to check these:

CVE-2020-27483 9.9

This vulnerability in Garmin Forerunner 235 devices allows attackers to potentially execute arbitrar...

Same vulnerability type (CWE-129)
CVE-2020-27485 9.9

This vulnerability in Garmin Forerunner 235 devices allows malicious ConnectIQ store applications to...

Same vulnerability type (CWE-129)
CVE-2021-38563 9.8

This vulnerability in Foxit PDF software allows attackers to trigger memory corruption through malfo...

Same vulnerability type (CWE-129)