Linux Kernel ath11k Module General Protection Fault Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ath11k module can lead to a general protection fault, likely caused by a null pointer dereference. This issue occurs when the module is removed while the amss.bin file is missing, causing a crash. The problem arises because the module uses an asynchronous power-up function that does not verify errors, instead of a synchronous version that does. The vulnerability has been observed on WCN6855 hardware version 2.0, with the Intel NUC8i7HVK as the hardware platform.
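The asynchronous-versus-synchronous distinction described above, as an added user-space C model (not the ath11k or MHI source, and not code from this page). Every struct and function name is hypothetical, the asynchronous load is simplified to a call whose result is dropped, and the NULL check in remove_dev stands in for the faulting dereference.

```c
/* Added illustration: user-space model, not ath11k/MHI source; all names hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct fw_ctx { int rings; };                 /* exists only after firmware boots */
struct dev { struct fw_ctx *fw; bool registered; };

/* Firmware load fails when the image (amss.bin on this page) is absent. */
static int load_firmware(struct dev *d, bool image_present) {
    if (!image_present) return -1;
    d->fw = calloc(1, sizeof(*d->fw));
    return d->fw ? 0 : -1;
}

/* Async style: starts the load and reports success; the load result is dropped. */
static int power_up_async(struct dev *d, bool img) { (void)load_firmware(d, img); return 0; }

/* Sync style: waits for the load and returns its error to the caller. */
static int power_up_sync(struct dev *d, bool img) { return load_firmware(d, img); }

/* Probe registers the device only when power-up reports success. */
static int probe(struct dev *d, bool img, bool use_sync) {
    int ret = use_sync ? power_up_sync(d, img) : power_up_async(d, img);
    if (ret) return ret;
    d->registered = true;
    return 0;
}

/* Remove path (rmmod). Returns 0 on clean teardown, -1 where an unguarded
 * d->fw->rings access would fault; the check stands in for the crash. */
static int remove_dev(struct dev *d) {
    if (!d->registered) return 0;             /* probe failed: nothing to tear down */
    if (!d->fw) return -1;                    /* registered but never initialised */
    free(d->fw);
    return 0;
}

/* Probe then remove for one configuration; returns the remove result. */
int scenario(bool image_present, bool use_sync) {
    struct dev d = {0};
    (void)probe(&d, image_present, use_sync);
    return remove_dev(&d);
}

int main(void) {
    printf("async, image missing: %d\n", scenario(false, false));
    printf("sync,  image missing: %d\n", scenario(false, true));
    return 0;
}
```

Only the combination of a missing image and the asynchronous power-up leaves the device registered without its firmware state, which is the condition the remove path then trips over.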

Impact

The vulnerability causes a general protection fault, leading to a crash of the ath11k module. This is likely due to a null pointer dereference, which can disrupt normal operations and potentially be exploited to execute arbitrary code or cause a denial-of-service condition.

Reproduction

To reproduce this vulnerability, make sure the amss.bin file is missing, load the ath11k module, and then remove it using the 'rmmod' command; removing the module triggers the crash. The issue has been observed on kernel version 5.16.0-wt-ath+.

Remediation

No specific remediation is mentioned, but ensuring that the amss.bin file is present may prevent the crash when removing the ath11k module.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.