CVE-2024-47721 – This vulnerability in the Linux kernel's rtw89 ... (How to Fix)

📋 TL;DR

This vulnerability in the Linux kernel's rtw89 WiFi driver allows out-of-bounds memory access when processing certain firmware events. It affects systems using Realtek rtw89 WiFi chips with unpatched kernel versions, potentially leading to system crashes or information disclosure.

💻 Affected Systems

Products:

Linux kernel with rtw89 WiFi driver

Versions: Linux kernel versions before the fix commits

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only vulnerable if rtw89 driver is loaded and in use

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash, or potential information disclosure from kernel memory

🟠

Likely Case

System instability or crashes when specific WiFi events are triggered

🟢

If Mitigated

No impact if patched or if affected driver not loaded

🌐 Internet-Facing: LOW - Requires local access or specific WiFi event triggers

🏢 Internal Only: MEDIUM - Could be triggered by malicious WiFi packets on internal network

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to trigger specific WiFi C2H events

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 10463308b945, 2c9c2d1a2091, or 56310ddb50b1

Vendor Advisory: https://git.kernel.org/stable/c/10463308b9454f534d03300cf679bc4b3d078f46

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version
2. Rebuild kernel if compiling from source
3. Reboot system to load new kernel

🔧 Temporary Workarounds

Disable rtw89 driver

linux

Prevent loading of vulnerable driver module

echo 'blacklist rtw89_core' >> /etc/modprobe.d/blacklist-rtw89.conf
rmmod rtw89_core rtw89_pci

🧯 If You Can't Patch

Disable WiFi or use alternative network interface
Implement network segmentation to isolate WiFi traffic

🔍 How to Verify

Check if Vulnerable:

Check if rtw89 driver is loaded: lsmod | grep rtw89

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits: uname -r

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages
System crashes related to WiFi

Network Indicators:

Unusual WiFi packet patterns triggering C2H events

SIEM Query:

kernel: *Oops* OR kernel: *rtw89*

📊 Metadata

CVE ID: CVE-2024-47721

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-125

Published: October 21, 2024

Last Updated: October 23, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-47721, you might also want to check these: