Linux Kernel ath11k Module Denial-of-Service Vulnerability During Spectral Scan Deinitialization

A denial-of-service vulnerability has been identified in the Linux kernel's ath11k module. When the ath11k module is removed using the rmmod command while spectral scan is enabled, a crash occurs. This crash is caused by a null pointer dereference, as the module attempts to process spectral data after being instructed to deactivate the scan. The issue can be reproduced on devices using the QCN6122 hardware.

Impact

The vulnerability leads to a kernel crash, causing a denial-of-service condition by disrupting normal system operations.

Reproduction

To reproduce this vulnerability, enable spectral scanning in the ath11k module. Then, remove the module using the rmmod command while the spectral scan is still active. This will trigger a kernel crash due to a null pointer dereference, as the module tries to process spectral data that has not been properly disabled.

Remediation

No specific remediation is mentioned, but ensuring that spectral scan is disabled before removing the ath11k module can prevent the crash.