Linux Kernel ath12k Wi-Fi Driver DMA Pointer Mismanagement Vulnerability

A vulnerability exists in the Linux kernel's ath12k Wi-Fi driver for Qualcomm Wi-Fi 7 devices. The issue arises from improper handling of DMA (Direct Memory Access) buffer management. The function dma_alloc_coherent() allocates a DMA-mapped buffer and stores the addresses in unaligned fields. These unaligned addresses should be reused when freeing the buffer, rather than the default aligned addresses. This mismanagement can lead to potential memory handling issues.

Impact

Exploitation of this vulnerability could cause improper memory management, potentially leading to memory corruption or other related issues.

Reproduction

The vulnerability can be reproduced by allocating a DMA buffer using dma_alloc_coherent(), which will store the addresses in unaligned fields. When freeing the buffer, the driver incorrectly uses the aligned addresses instead of the unaligned ones. This can be observed by monitoring the memory management process in the ath12k Wi-Fi driver.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. The patch can be downloaded from the Linux kernel Git repository.