Linux Kernel rtw89 CAM Leak Vulnerability During L2 Reset Process

A vulnerability in the Linux kernel's rtw89 wireless driver can lead to address CAM and BSSID CAM leaks during the L2 reset process, particularly after a system error recovery. This issue arises when the ieee80211_restart_hw() function, which is triggered by the L2 reset, is called. The normal process of managing CAM can be disrupted, causing leaks, especially in non-secure connections. The vulnerability has been addressed by ensuring that CAM is released before the hardware restart, regardless of the connection's security status, and by checking the validity of CAM to prevent multiple unnecessary acquisitions. In AP mode, the address CAM of all stations is released before the hardware restart to prevent leaks.

Impact

Exploitation of this vulnerability can lead to memory management issues, specifically CAM leaks, which can disrupt the normal operation of the wireless driver and potentially be exploited to cause further issues in the system.