Linux Kernel WiFi Driver mt76 mt7921e Denial-of-Service Vulnerability During Module Removal

A denial-of-service vulnerability has been identified in the Linux kernel's WiFi driver for MediaTek MT76, specifically in the MT7921E module. This issue occurs during a stress test that involves quickly removing the module after it has been inserted. The vulnerability arises because the driver does not properly manage its data before the module is fully initialized, leading to a crash. The problem has been traced to the PCI removal function, which fails to account for pending operations, causing a user-memory-access error.

Impact

The vulnerability causes a crash of the MT7921E driver module, disrupting any active processes that rely on this component.

Reproduction

To reproduce this vulnerability, insert the MT7921E module using the 'insmod' command. After the module is loaded, do not initiate any network operations, then quickly remove the module with 'rmmod', ideally within one second. This rapid removal triggers the crash by interrupting the driver's initialization process.

Remediation

The vulnerability has been addressed in a patch that ensures the driver's data is properly set before the module is fully initialized. Users should apply this patch to mitigate the issue.