Linux Kernel ath12k Module Null Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's ath12k wireless driver can lead to a kernel panic due to a null pointer dereference. This issue occurs in the function ath12k_dp_tx_get_encap_type(), where the arvif parameter is used to retrieve a pointer that can become null during the virtual device deletion process. The vulnerability is present in several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by initiating a virtual device deletion sequence in the ath12k wireless driver. This process can cause the arvif->ar pointer to become null, which, when dereferenced, triggers a kernel panic. The issue can be observed in the QCN9274 hardware version 2.0, running the PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 firmware.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.