Linux Kernel ath11k Peer HE MCS Assignment Vulnerability Causes Firmware Crash

Vulnerability

A vulnerability in the Linux kernel's ath11k wireless driver can lead to a firmware crash. The driver incorrectly handles High Efficiency (HE) Modulation and Coding Scheme (MCS) assignments for peer devices. When the device connects to an access point that improperly indicates unsupported transmission capabilities, a value is mistakenly assigned that triggers the crash. The vulnerability is present in the Linux kernel's stable releases.

Impact

The vulnerability causes a denial of service by crashing the firmware, disrupting wireless functionality.

Reproduction

To reproduce this issue, connect a device using the ath11k driver to an access point that advertises an unsupported transmission MCS value for 160 MHz. This misrepresentation will cause the firmware to crash, as it cannot handle the erroneous MCS assignment.
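To recognise such an access point from a captured beacon or probe response, the check below parses an HE Capabilities element and reports whether 160 MHz is advertised while the 160 MHz Tx HE-MCS map marks every spatial stream as unsupported. It is an added example, not code from the kernel or the ath11k driver. The function names and sample bytes are constructed here, and it assumes "unsupported" means the standard 2-bit code 3 in every stream field, since the page does not give the exact value.

```c
#include <stdint.h>
#include <stdio.h>

#define EID_EXTENSION   255   /* IEEE 802.11 extension element ID */
#define EID_EXT_HE_CAP  35    /* element ID extension: HE Capabilities */
#define HE_MAC_CAP_LEN  6
#define HE_PHY_CAP_LEN  11
#define HE_PHY0_160MHZ  0x08  /* PHY caps byte 0: 160 MHz in 5/6 GHz */

enum he160 { HE160_OK, HE160_NOT_ADVERTISED, HE160_TX_UNSUPPORTED, HE160_MALFORMED };

/* Constructed samples: 80+160 MHz set; Tx 160 MHz map 0xffff vs 0xfffa. */
static const uint8_t sample_bad[28] = { 255, 26, 35, [9] = 0x0c,
    [20] = 0xfa, 0xff, 0xfa, 0xff, 0xfa, 0xff, 0xff, 0xff };
static const uint8_t sample_ok[28] = { 255, 26, 35, [9] = 0x0c,
    [20] = 0xfa, 0xff, 0xfa, 0xff, 0xfa, 0xff, 0xfa, 0xff };

/* 1 if all eight 2-bit per-stream fields hold 3 ("not supported"). */
static int he_mcs_map_empty(uint16_t map)
{
    for (int ss = 0; ss < 8; ss++)
        if (((map >> (2 * ss)) & 0x3) != 3)
            return 0;
    return 1;
}

/* ie points at the element ID byte; ie_len is the number of bytes available. */
enum he160 check_he_cap_160_tx(const uint8_t *ie, size_t ie_len)
{
    const size_t mcs_off = HE_MAC_CAP_LEN + HE_PHY_CAP_LEN; /* MCS/NSS set */
    if (ie_len < 3 || ie[0] != EID_EXTENSION || ie[2] != EID_EXT_HE_CAP)
        return HE160_MALFORMED;
    if ((size_t)ie[1] + 2 > ie_len || ie[1] < 1 + mcs_off + 4)
        return HE160_MALFORMED;
    const uint8_t *body = ie + 3;             /* skip ID, length, ext ID */
    if (!(body[HE_MAC_CAP_LEN] & HE_PHY0_160MHZ))
        return HE160_NOT_ADVERTISED;
    if (ie[1] < 1 + mcs_off + 8)              /* 160 MHz maps must be present */
        return HE160_MALFORMED;
    uint16_t tx160 = (uint16_t)(body[mcs_off + 6] | (body[mcs_off + 7] << 8));
    return he_mcs_map_empty(tx160) ? HE160_TX_UNSUPPORTED : HE160_OK;
}

int main(void)
{
    printf("bad=%d ok=%d\n", (int)check_he_cap_160_tx(sample_bad, sizeof sample_bad),
           (int)check_he_cap_160_tx(sample_ok, sizeof sample_ok));
    return 0;
}
```

A result of HE160_TX_UNSUPPORTED marks an access point that matches the condition described above and is worth flagging until clients run a fixed kernel.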

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux documentation.

Added: Dec 24, 2025, 11:28 AM
Updated: Dec 24, 2025, 11:28 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.