Linux Kernel ath10k Wireless Driver Pointer Mismanagement Vulnerability

A vulnerability exists in the Linux kernel's ath10k wireless driver, specifically within the stable branch. The issue arises from improper management of pointers when freeing DMA-coherent memory. The dma_alloc_coherent() function allocates a DMA-mapped buffer and stores the addresses in unaligned fields. These unaligned addresses should be reused when freeing the buffer, rather than the default aligned addresses. This vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can lead to memory management issues, where freed buffers may not be properly handled, potentially causing memory leaks or corruption.

Reproduction

The vulnerability can be reproduced by allocating a DMA-coherent buffer using the dma_alloc_coherent() function, which will store the addresses in unaligned fields. When the buffer is freed, the driver incorrectly uses the aligned addresses instead of the unaligned ones, leading to improper memory management.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.