Login Sign Up

CVE-2024-58096

5.5 MEDIUM

📋 TL;DR

This CVE describes a race condition vulnerability in the Linux kernel's ath11k WiFi driver when operating in monitor mode. The vulnerability occurs due to missing lock protection around shared ring buffer operations, which can lead to kernel warnings or potential system instability. Systems using affected WiFi hardware with monitor mode enabled are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel with ath11k WiFi driver
Versions: Linux kernel versions before the fix commits (specific versions not specified in CVE)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when monitor mode is enabled on affected WiFi hardware (WCN6855, QCN9074). Regular WiFi operation is not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash leading to denial of service, potentially allowing privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

Kernel warning messages in system logs and potential performance degradation or instability in WiFi functionality.

🟢

If Mitigated

Minor performance impact from lock contention when monitor mode is active.

🌐 Internet-Facing: LOW - Requires local access to the system and monitor mode to be enabled.
🏢 Internal Only: MEDIUM - Internal attackers with local access could potentially trigger the vulnerability if monitor mode is enabled.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and monitor mode to be enabled. The vulnerability appears to be a race condition that primarily causes warnings rather than direct code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions containing commits 1d2178918efc928e11bed9631469ef79ff0a862a, 27ca8004ba93a0665faa6d477eaeb551e03de6c8, 63b7af49496d0e32f7a748b6af3361ec138b1bd3, or b85758e76b6452740fc2a08ced6759af64c0d59a

Vendor Advisory: https://git.kernel.org/stable/c/1d2178918efc928e11bed9631469ef79ff0a862a

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify ath11k driver is using patched version.

🔧 Temporary Workarounds

Disable monitor mode

linux

Prevent the vulnerable code path by disabling monitor mode on affected WiFi interfaces

sudo iw dev wlan0 set monitor none
sudo ip link set wlan0 down

🧯 If You Can't Patch

  • Disable monitor mode on all WiFi interfaces using affected hardware
  • Consider using alternative WiFi hardware or drivers if monitor mode functionality is required

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if monitor mode is enabled on ath11k interfaces: 'uname -r' and 'iwconfig | grep Mode'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and monitor mode works without kernel warnings in dmesg

📡 Detection & Monitoring

Log Indicators:

  • Kernel warnings mentioning 'ath11k_hal_srng_dst_peek' or 'ath11k_dp_rx_process_mon_status' in dmesg or syslog

Network Indicators:

  • Unusual WiFi monitor mode activity on systems not expected to use it

SIEM Query:

source="kernel" AND ("ath11k_hal_srng" OR "ath11k_dp_rx_process_mon")

📊 Metadata

CVE ID: CVE-2024-58096
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.11% exploit probability (29.5th percentile)
Published: April 16, 2025
Last Updated: February 6, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON