Linux Kernel ath11k Node Corruption Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's ath11k wireless driver can cause node corruption in the 'arvifs' list, leading to a kernel panic. This issue arises during WLAN recovery when the 'arvifs' list head is reinitialized, leaving the subsequent list node invalid. If a WLAN recovery occurs while a virtual interface is being removed, the corruption triggers a kernel panic. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by initiating a WLAN recovery process while simultaneously removing a virtual interface. This sequence creates a race condition that exposes the node corruption issue, as the recovery process interferes with the proper management of the 'arvifs' list nodes.

Remediation

The vulnerability has been addressed by modifying the WLAN recovery process to properly handle all virtual interface list nodes, ensuring they are valid before the 'list_del()' operation is called.
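
The C program below is an added illustration, a userspace model written for this page and not the ath11k driver code or the upstream patch. It shows why resetting only the list head leaves the linked nodes unsafe to delete, and why unlinking every node first does not. The model_* and recover_* names and the two vif nodes are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the kernel's circular doubly linked list (hypothetical names). */
struct list_head { struct list_head *next, *prev; };

static void model_init(struct list_head *h) { h->next = h; h->prev = h; }

static void model_add_tail(struct list_head *n, struct list_head *head) {
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}

/* A node may only be unlinked if both neighbours still point back at it. */
static bool model_node_valid(const struct list_head *n) {
    return n->prev->next == n && n->next->prev == n;
}

/* Unlink a node and leave it self-referencing, so a later delete is harmless. */
static void model_del_init(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
    model_init(n);
}

/* Recovery as described under Vulnerability: only the head is reset. */
static void recover_head_only(struct list_head *head) { model_init(head); }

/* Recovery as described under Remediation: every node is unlinked first. */
static void recover_unlink_all(struct list_head *head) {
    while (head->next != head)
        model_del_init(head->next);
}

/* Link two constructed vif nodes, run recovery, count nodes unsafe to delete. */
static int stale_nodes_after(void (*recover)(struct list_head *)) {
    struct list_head arvifs, vif[2];
    int stale = 0;
    model_init(&arvifs);
    for (int i = 0; i < 2; i++) model_add_tail(&vif[i], &arvifs);
    recover(&arvifs);
    for (int i = 0; i < 2; i++) stale += !model_node_valid(&vif[i]);
    return stale;
}

int main(void) {
    printf("head-only reinit: %d stale node(s)\n", stale_nodes_after(recover_head_only));
    printf("unlink-all reset: %d stale node(s)\n", stale_nodes_after(recover_unlink_all));
    return 0;
}
```

After the head-only reset, each node still points into a list that no longer references it, which is the state in which a later interface removal would call 'list_del()' on an invalid node.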

Added: Jul 10, 2025, 9:17 AM
Updated: Jul 10, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.