Linux Kernel ath12k WLAN Recovery Vulnerability Leading to Kernel Panic

A vulnerability in the Linux kernel's ath12k wireless driver can cause node corruption in the 'arvifs' list, leading to a kernel panic. During WLAN recovery, the 'arvifs' list head is reinitialized, which can invalidate the next list node. If a WLAN recovery occurs while a virtual interface (vif) is being removed, this can trigger a kernel panic due to the corrupted list node. The issue arises because the removal process detects the invalid node situation, causing a crash. The vulnerability has been addressed by ensuring all vif list nodes are properly reinitialized during WLAN halt, preventing the corruption that could lead to a panic.

Impact

The vulnerability can cause a kernel panic, abruptly terminating the system's operation and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by initiating a WLAN recovery process while simultaneously removing a virtual interface in the ath12k driver. This sequence creates a race condition that exposes the list node corruption, triggering a kernel panic.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this patch is applied.