Linux Kernel ath11k NULL Pointer Dereference Vulnerability on IPQ5018

A NULL pointer dereference vulnerability has been identified in the Linux kernel's ath11k wireless driver for the IPQ5018 chipset. This issue arises because the hardware operations structure for IPQ5018 does not properly initialize the ring selector function. As a result, when data is transmitted after clients connect, the driver attempts to call a function that hasn't been set, leading to a kernel crash. The vulnerability manifests as a stack trace indicating a failure to handle a NULL pointer dereference, with the process 'hostapd' involved.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting all processes and services running on the device.

Reproduction

The vulnerability can be reproduced by connecting clients to a device using the IPQ5018 chipset that is running the affected version of the Linux kernel. Once connected, the device will attempt to send data, triggering the NULL pointer dereference in the ath11k driver.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.