GHSA-8P54-HH75-4MH9

Vulnerability from github – Published: 2024-10-09 15:32 – Updated: 2025-11-04 00:31
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead

There is a WARNING in iwl_trans_wait_tx_queues_empty() (that was recently converted from just a message), that can be hit if we wait for TX queues to become empty after firmware died. Clearly, we can't expect anything from the firmware after it's declared dead.

Don't call iwl_trans_wait_tx_queues_empty() in this case. While it could be a good idea to stop the flow earlier, the flush functions do some maintenance work that is not related to the firmware, so keep that part of the code running even when the firmware is not running.

[edit commit message]

Severity ?
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-47672"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-09T15:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t wait for tx queues if firmware is dead\n\nThere is a WARNING in iwl_trans_wait_tx_queues_empty() (that was\nrecently converted from just a message), that can be hit if we\nwait for TX queues to become empty after firmware died. Clearly,\nwe can\u0027t expect anything from the firmware after it\u0027s declared dead.\n\nDon\u0027t call iwl_trans_wait_tx_queues_empty() in this case. While it could\nbe a good idea to stop the flow earlier, the flush functions do some\nmaintenance work that is not related to the firmware, so keep that part\nof the code running even when the firmware is not running.\n\n[edit commit message]",
  "id": "GHSA-8p54-hh75-4mh9",
  "modified": "2025-11-04T00:31:34Z",
  "published": "2024-10-09T15:32:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47672"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/16c1e5d5228f26f120e12e6ca55c59c3a5e6dece"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031e2403d1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ad2fcc2daa203a6ad491f00e9ae3b7867e8fe0f3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.