CVE-2024-57995

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's ath12k WiFi driver. When a virtual interface (vif) is assigned to a different radio device, the driver incorrectly accesses freed memory, potentially leading to kernel crashes or arbitrary code execution. This affects Linux systems using Qualcomm Atheros ath12k WiFi hardware.

💻 Affected Systems

Products:
  • Linux kernel with ath12k driver
Versions: Linux kernel versions containing vulnerable ath12k driver code before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Qualcomm Atheros ath12k WiFi hardware (QCN9274 chipsets). Requires ath12k driver to be loaded and in use.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash or potential privilege escalation to kernel mode, allowing attackers to execute arbitrary code with highest privileges.

🟠 Likely Case: System instability, kernel crashes, or denial of service affecting WiFi functionality on affected systems.

🟢 If Mitigated: Limited impact if exploit attempts fail or system has kernel hardening features like KASLR and SMEP/SMAP enabled.

🌐 Internet-Facing: LOW - Requires local access or ability to interact with WiFi subsystem, not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Requires local access to system or ability to interact with WiFi hardware/driver, could be exploited by malicious local users or through WiFi attack vectors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or ability to interact with WiFi subsystem. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing commits 57100b87c77818cb0d582a92e5cb32fff85c757d, 5a10971c7645a95f5d5dc23c26fbac4bf61801d0, or f3a95a312419e4f1e992525917da9dbcd247038f

Vendor Advisory: https://git.kernel.org/stable/c/57100b87c77818cb0d582a92e5cb32fff85c757d

Restart Required: No

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager to update kernel package.
3. For custom kernels: Apply the patch from kernel git repository.
4. Rebuild and install kernel if compiling from source.

🔧 Temporary Workarounds

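Disable ath12k driver

Prevent loading of the vulnerable ath12k driver module (run as root). A blacklist entry only stops automatic loading by device alias; an explicit modprobe ath12k still loads the module.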

echo 'blacklist ath12k' >> /etc/modprobe.d/blacklist-ath12k.conf
rmmod ath12k

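Restrict WiFi interface operations

Limit non-root user access to WiFi configuration (run as root). Permission changes under /sys do not persist across a reboot or re-creation of the interface.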

chmod 600 /sys/class/net/wlan*
setcap -r /usr/sbin/iw

🧯 If You Can't Patch

  • Disable ath12k WiFi hardware if not required
  • Implement strict access controls to prevent local users from manipulating WiFi interfaces

🔍 How to Verify

Check if Vulnerable:

Check if ath12k module is loaded:

lsmod | grep ath12k

Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

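Verify kernel version includes fix commits:

grep -r '57100b87c77818cb0d582a92e5cb32fff85c757d\|5a10971c7645a95f5d5dc23c26fbac4bf61801d0\|f3a95a312419e4f1e992525917da9dbcd247038f' /usr/src/linux/

This only finds a match if the installed source tree carries changelog or patch files that record upstream commit IDs; the kernel source files themselves do not contain them.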

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages in /var/log/kern.log or dmesg
  • System crashes or panics related to ath12k driver
  • Unexpected WiFi interface state changes

Network Indicators:

  • Sudden loss of WiFi connectivity
  • Unusual WiFi interface configuration changes

SIEM Query:

source="kernel" AND ("ath12k" OR "use-after-free" OR "kernel panic")
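
The query above ORs its terms, so it matches any kernel panic on any host. As an added example (not part of the original advisory or of any vendor tooling), the shell function below reports only crash headers whose trace names the ath12k module. The function names, the 40-line window, and the sample log lines with their placeholder symbols are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report kernel crash headers whose trace names the ath12k module.
# Input: kernel log text on stdin (for instance the output of `dmesg`).

scan_ath12k_crashes() {
    # $1 = lines examined after each crash header (default 40, an assumption)
    awk -v window="${1:-40}" '
    # Start of a crash report: KASAN, oops, GPF, NULL dereference or panic.
    /BUG: KASAN:|Oops:|general protection fault|BUG: kernel NULL pointer|Unable to handle kernel|Kernel panic/ {
        if (left > 0 && hit) print header    # flush a report still open
        header = $0; left = window; hit = 0
    }
    left > 0 {
        # Trace symbols from the module end in "[ath12k]". The
        # "Modules linked in:" list and normal ath12k_pci messages do not,
        # so a crash elsewhere on a host with ath12k loaded is ignored.
        if ($0 ~ /\[ath12k\]/) hit = 1
        if (--left == 0 && hit) { print header; hit = 0 }
    }
    END { if (left > 0 && hit) print header }
    '
}

# Constructed sample log: one unrelated crash, one crash inside ath12k.
# ath12k_placeholder_fn and other_driver are placeholders, not real symbols.
sample_log() {
    cat <<'EOF'
[   10.100000] ath12k_pci 0000:03:00.0: interface up
[   55.200000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[   55.200100] RIP: 0010:other_driver_fn+0x10/0x40 [other_driver]
[   55.200200] Modules linked in: other_driver ath12k mac80211 cfg80211
[   90.000000] BUG: KASAN: slab-use-after-free in ath12k_placeholder_fn+0x1c/0x80 [ath12k]
[   90.000100] Read of size 8 at addr ffff888100000000 by task iw/1234
EOF
}

sample_log | scan_ath12k_crashes
```

On a live host, pipe the output of dmesg into scan_ath12k_crashes; each line it prints is the header of a crash report to triage.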
