Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been addressed in the Linux kernel's Wi-Fi subsystem, specifically in the Realtek RTW88 driver. The issue arose because the driver's 'ieee80211_ops::sta_rc_update' function was not atomic, while 'ieee80211_chan_bw_change()' holds the RCU read lock when it calls 'drv_sta_rc_update()'. The result was a voluntary context switch inside an RCU read-side critical section, which caused a warning. To resolve this, a work queue was introduced so that the rate updates are handled outside the RCU read-side critical section. The vulnerability could potentially be exploited by manipulating channel bandwidth changes in a way that interferes with the driver's state update process.
Exploitation of this vulnerability could lead to improper handling of wireless state changes, potentially causing instability or unexpected behavior in Wi-Fi performance.
The vulnerability can be reproduced by triggering a channel bandwidth change while the 'ieee80211_ops::sta_rc_update' function is called. This can be done by using a Realtek Wi-Fi device that supports the RTW88 driver and manually changing the channel bandwidth through network management tools, which will simulate the conditions that cause the RCU warning.
Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. The patch is included in the official Linux stable releases.
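The defect and the work-queue fix described above, as an added userspace model in C (not kernel or RTW88 source). Every name in it is a hypothetical stand-in, and it assumes the rate update needs an operation that may sleep.

```c
/* Userspace model (constructed): NOT kernel or rtw88 driver source.
 * All names are hypothetical stand-ins for the kernel primitives. */
#include <stdbool.h>
#include <stdio.h>

static int rcu_depth;        /* nesting of the modelled RCU read lock */
static int sleep_violations; /* "context switch within RCU section" events */
static int rates_applied;    /* completed rate updates */

static void model_rcu_read_lock(void)   { rcu_depth++; }
static void model_rcu_read_unlock(void) { rcu_depth--; }

/* Stand-in for any call that may sleep, such as taking a mutex. */
static void model_might_sleep(void) { if (rcu_depth > 0) sleep_violations++; }

/* Assumption: the rate update itself needs a sleeping operation. */
static void update_rate(void) { model_might_sleep(); rates_applied++; }

/* One-slot work item. Queueing only sets a flag, so it never sleeps. */
struct work { bool pending; void (*fn)(void); };
static struct work rc_work = { false, update_rate };

static void model_queue_work(struct work *w) { w->pending = true; }
static void model_run_pending(struct work *w)
{
    if (w->pending) { w->pending = false; w->fn(); }
}

/* Before the fix: the callback performs the sleeping update directly. */
static void sta_rc_update_direct(void) { update_rate(); }

/* After the fix: the callback is atomic and only queues the work. */
static void sta_rc_update_deferred(void) { model_queue_work(&rc_work); }

/* Models the caller: invokes the callback under the RCU read lock,
 * then lets the worker run once the critical section has ended. */
static int chan_bw_change(void (*cb)(void))
{
    sleep_violations = 0;
    model_rcu_read_lock();
    cb();
    model_rcu_read_unlock();
    model_run_pending(&rc_work);
    return sleep_violations;
}

int main(void)
{
    printf("direct:   %d violation(s)\n", chan_bw_change(sta_rc_update_direct));
    printf("deferred: %d violation(s)\n", chan_bw_change(sta_rc_update_deferred));
    return 0;
}
```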