CVE-2024-56599
📋 TL;DR
A NULL pointer dereference vulnerability in the Linux kernel's ath10k SDIO driver can cause kernel panic during module removal when CONFIG_INIT_ON_FREE_DEFAULT_ON is enabled. This affects Linux systems using Qualcomm Atheros QCA6174 WiFi chips via SDIO interface. The vulnerability is triggered during driver cleanup when removing the ath10k module.
💻 Affected Systems
- Linux kernel ath10k SDIO driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote reboot.
Likely Case
System crash during driver removal operations, causing temporary service disruption.
If Mitigated
No impact if CONFIG_INIT_ON_FREE_DEFAULT_ON is disabled or a patched kernel is used.
🎯 Exploit Status
Exploitation requires ability to remove ath10k module (typically root privileges) and specific kernel configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel stable releases containing commits 27d5d217ae7ffb99dd623375a17a7d3418d9c755 and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/27d5d217ae7ffb99dd623375a17a7d3418d9c755
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution.
2. Rebuild kernel if using custom build.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable CONFIG_INIT_ON_FREE_DEFAULT_ON
Linux: Disable the kernel configuration option that triggers the NULL pointer dereference
Rebuild kernel with CONFIG_INIT_ON_FREE_DEFAULT_ON=n
Avoid ath10k module removal
Linux: Prevent removal of the ath10k module during normal operations
# Makes `modprobe -r ath10k_sdio` fail; a direct rmmod is not covered by modprobe.d
echo 'remove ath10k_sdio /bin/false' >> /etc/modprobe.d/ath10k.conf
🧯 If You Can't Patch
- Ensure CONFIG_INIT_ON_FREE_DEFAULT_ON is disabled in kernel configuration
- Restrict module removal permissions to prevent unauthorized users from triggering the vulnerability
🔍 How to Verify
Check if Vulnerable:
Check kernel config: grep CONFIG_INIT_ON_FREE_DEFAULT_ON /boot/config-$(uname -r) and verify ath10k module version
Check Version:
uname -r; modinfo ath10k_sdio | grep -E '^(filename|vermagic):'
Verify Fix Applied:
Check kernel version is patched: uname -r and verify with distribution security advisories
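The precondition check above, as an added example script (not part of the original advisory). It assumes the SDIO module is named ath10k_sdio and also honours the kernel's init_on_free= boot parameter, which overrides the build-time default; neither detail appears on this page.

```shell
#!/bin/sh
# Added example: report whether the two preconditions named in this advisory
# (init_on_free active, ath10k SDIO driver loaded) hold on a host.
# Inputs are passed as arguments so saved copies of the files can be checked.

# init_on_free_state CONFIG_FILE CMDLINE_STRING -> prints "on" or "off"
init_on_free_state() {
    config_file=$1
    cmdline=$2
    state=off

    # Build-time default taken from the kernel config file.
    if grep -q '^CONFIG_INIT_ON_FREE_DEFAULT_ON=y' "$config_file" 2>/dev/null; then
        state=on
    fi

    # Assumption (kernel behaviour, not stated on the page): init_on_free=
    # on the boot command line overrides the default; the last one wins.
    for word in $cmdline; do
        case $word in
            init_on_free=1|init_on_free=y|init_on_free=on)  state=on ;;
            init_on_free=0|init_on_free=n|init_on_free=off) state=off ;;
        esac
    done
    printf '%s\n' "$state"
}

# preconditions CONFIG_FILE CMDLINE_STRING MODULES_FILE
# MODULES_FILE uses the /proc/modules format (module name first on each line).
preconditions() {
    if [ "$(init_on_free_state "$1" "$2")" = on ] &&
       grep -q '^ath10k_sdio ' "$3" 2>/dev/null; then
        echo "check-kernel-version"   # both present: confirm the fix is installed
    else
        echo "precondition-absent"
    fi
}

# Live check: run the script as "sh script.sh live".
if [ "${1:-}" = live ]; then
    preconditions "/boot/config-$(uname -r)" "$(cat /proc/cmdline)" /proc/modules
fi
```

A result of check-kernel-version only means both preconditions are present; whether the running kernel carries the fix still has to be confirmed against the distribution's advisory.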
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg output
- NULL pointer dereference errors during module removal
Network Indicators:
- Sudden loss of WiFi connectivity followed by system instability
SIEM Query:
source="kernel" AND ("NULL pointer" OR "kernel panic") AND "ath10k"
🔗 References
- https://git.kernel.org/stable/c/27d5d217ae7ffb99dd623375a17a7d3418d9c755
- https://git.kernel.org/stable/c/27fda36eedad9e4ec795dc481f307901d1885112
- https://git.kernel.org/stable/c/543c0924d446b21f35701ca084d7feca09511220
- https://git.kernel.org/stable/c/6e5dbd1c04abf2c19b2282915e6fa48b6ccc6921
- https://git.kernel.org/stable/c/95c38953cb1ecf40399a676a1f85dfe2b5780a9a
- https://git.kernel.org/stable/c/b35de9e01fc79c7baac666fb2dcb4ba7698a1d97
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html