Linux Kernel ath12k NULL Pointer Dereference Vulnerability in Management Transmit Cleanup

Vulnerability

A vulnerability in the Linux kernel's ath12k wireless driver can lead to a NULL pointer dereference. The issue arises because the 'ar' reference is not stored in the socket buffer (skb) control block when a management frame is transmitted. The transmission completion callbacks typically do not need this reference, but it is needed during interface removal, when the IDR cleanup callback retrieves the 'ar' pointer for each frame still held in the management transmission IDR. The fix ensures the 'ar' reference is set during transmission, so the cleanup callback no longer reads a NULL pointer.
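The failure mode described above, reduced to a user-space C model (an added example, not the ath12k driver source or the upstream patch). All names here (struct radio, mgmt_tx, cleanup_pending, the fixed-size table standing in for the IDR) are hypothetical, and the counter update is an assumption standing in for whatever the driver does with 'ar' during cleanup.

```c
#include <stdio.h>
/* User-space model with hypothetical names; not the ath12k driver source. */
struct radio { int pending; };            /* stands in for 'ar' */
struct tx_cb { struct radio *ar; };       /* models the skb control block */
struct frame { struct tx_cb cb; };        /* stands in for a queued skb */

#define MAX_PENDING 8
static struct frame *pending_tbl[MAX_PENDING];   /* models the mgmt TX IDR */

/* Queue a frame. set_ar = 0 models the pre-fix path, 1 the fixed path. */
static int mgmt_tx(struct radio *ar, struct frame *f, int set_ar)
{
    f->cb.ar = set_ar ? ar : NULL;        /* the fix: record the owning radio */
    for (int id = 0; id < MAX_PENDING; id++) {
        if (!pending_tbl[id]) {
            pending_tbl[id] = f;
            ar->pending++;
            return id;
        }
    }
    return -1;                            /* table full */
}

/* Interface-removal cleanup: takes 'ar' from each frame's control block.
 * Returns how many entries had no 'ar' (an unguarded callback would fault). */
static int cleanup_pending(void)
{
    int missing = 0;
    for (int id = 0; id < MAX_PENDING; id++) {
        struct frame *f = pending_tbl[id];
        if (!f) continue;
        if (f->cb.ar)
            f->cb.ar->pending--;          /* safe: owner was recorded */
        else
            missing++;                    /* pre-fix frame: NULL owner */
        pending_tbl[id] = NULL;
    }
    return missing;
}

int main(void)
{
    struct radio ar = {0};
    struct frame before, after;
    mgmt_tx(&ar, &before, 0);
    int pre = cleanup_pending();
    mgmt_tx(&ar, &after, 1);
    printf("missing ar: pre-fix %d, fixed %d\n", pre, cleanup_pending());
    return 0;
}
```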

Impact

Exploitation of this vulnerability can cause a NULL pointer dereference, leading to a crash of the wireless driver and potentially causing a denial of service on the affected system.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Sep 15, 2025, 2:59 PM
Updated: Sep 15, 2025, 8:56 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.