CVE-2024-48873
📋 TL;DR
A NULL pointer dereference vulnerability exists in the Linux kernel's rtw89 WiFi driver. If exploited, this could cause a kernel panic or system crash on devices using this driver. This affects Linux systems with the rtw89 driver loaded, particularly those using Realtek WiFi chipsets.
💻 Affected Systems
- Linux kernel with rtw89 driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially requiring physical access to restart affected systems.
Likely Case
System crash or instability when specific WiFi operations trigger the NULL pointer dereference, causing temporary denial of service.
If Mitigated
Minor system instability that self-recovers or requires manual intervention to restart affected services.
🎯 Exploit Status
Triggering the bug requires specific WiFi operations during which ieee80211_probereq_get() returns NULL; the driver then dereferences that pointer.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 1a0f54cb3fea5d087440b2bae03202c445156a8d, 630d5d8f2bf6b340202b6bc2c05d794bbd8e4c1c, 7296e5611adb2c619bd7bd3817ddde7ba865ef17
Vendor Advisory: https://git.kernel.org/stable/c/1a0f54cb3fea5d087440b2bae03202c445156a8d
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. Reboot system to load patched kernel.
3. Verify rtw89 driver is updated.
🔧 Temporary Workarounds
Disable rtw89 driver
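Unload the vulnerable driver if not needed (Linux):
# rtw89_pci depends on rtw89_core, so it has to be removed first.
# Any module that lsmod lists as using rtw89_pci must be unloaded before it.
sudo modprobe -r rtw89_pci
sudo modprobe -r rtw89_core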
Blacklist rtw89 driver
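Prevent driver from loading at boot (Linux):
# blacklist only blocks alias-based autoloading; a module pulled in as a
# dependency of another module still loads. Confirm after reboot with: lsmod | grep rtw89
echo 'blacklist rtw89_core' | sudo tee /etc/modprobe.d/blacklist-rtw89.conf
echo 'blacklist rtw89_pci' | sudo tee -a /etc/modprobe.d/blacklist-rtw89.conf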
🧯 If You Can't Patch
- Disable WiFi functionality on affected systems
- Use alternative WiFi hardware with different drivers
🔍 How to Verify
Check if Vulnerable:
Check if rtw89 driver is loaded: lsmod | grep rtw89
Check Version:
uname -r
Verify Fix Applied:
Check that the kernel version includes the fix commits, or verify the driver version after the update.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- System crash logs
- NULL pointer dereference errors in kernel logs
Network Indicators:
- Unexpected WiFi disconnections
- Network interface failures
SIEM Query:
kernel: *NULL pointer dereference* OR kernel: *rtw89* AND (panic OR oops)
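A kernel oops spans several log lines, so a per-line query cannot tie the NULL pointer dereference message to the driver that caused it. The following added example (not part of the original advisory) groups each oops block in dmesg-style output and reports only those whose RIP or call trace lies in an rtw89 module; the sample log and its symbol names are constructed placeholders.

```python
import re

# Constructed dmesg-style sample; symbol names are placeholders, not a real crash.
SAMPLE_LOG = """\
[  100.000001] rtw89_8852ae 0000:02:00.0: constructed informational line
[ 1234.567890] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 1234.567910] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ 1234.567920] RIP: 0010:placeholder_scan_fn+0x4a/0x120 [rtw89_core]
[ 1234.567930] Call Trace:
[ 1234.567940]  placeholder_caller+0x88/0x1f0 [rtw89_core]
[ 1234.567950] ---[ end trace 0000000000000000 ]---
[ 2000.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 2000.000002] RIP: 0010:other_fn+0x10/0x40 [placeholder_mod]
[ 2000.000003] ---[ end trace 0000000000000000 ]---
"""

LINE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s?(?P<msg>.*)$")
BUG = re.compile(r"BUG: kernel NULL pointer dereference, address: (?P<addr>[0-9a-f]+)")
RIP = re.compile(r"RIP: \w+:(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
RTW89_MOD = re.compile(r"\[(rtw89\w*)\]")  # module tag on RIP / call-trace frames
END = re.compile(r"---\[ end trace")

def find_rtw89_null_derefs(log_text):
    """Return one dict per NULL-dereference oops that has an rtw89 frame."""
    hits, current = [], None
    def close():
        nonlocal current
        if current and current["modules"]:
            current["modules"] = sorted(current["modules"])
            hits.append(current)
        current = None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        bug = BUG.search(m["msg"])
        if bug:  # a new oops starts; finish any unterminated one first
            close()
            current = {"time": float(m["ts"]), "address": bug["addr"],
                       "rip": None, "modules": set()}
        elif current is not None:
            rip = RIP.search(m["msg"])
            if rip and current["rip"] is None:
                current["rip"] = rip["sym"]
            current["modules"].update(RTW89_MOD.findall(m["msg"]))
            if END.search(m["msg"]):
                close()
    close()
    return hits
```

Feed it the output of `dmesg` or `journalctl -k -o short-monotonic`; the informational rtw89 line and the oops in the unrelated module are both ignored.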