Linux Kernel WCN7850 WoW Offload Vulnerability Causes Firmware Crash

A vulnerability in the Linux kernel's handling of Wi-Fi offloads can lead to a crash in WCN7850 firmware. This issue arises in multi-link connections where offloads are enabled on both primary and secondary links. The vulnerability is present in the Linux kernel's stable branch, specifically in the Wi-Fi driver for the ath12k chipset, and affects WCN7850 hardware version 2.0.

Impact

The vulnerability can cause a denial of service by crashing the WCN7850 firmware, disrupting any active connections or processes that rely on it.

Reproduction

The vulnerability can be reproduced by establishing a multi-link connection on a device with WCN7850 hardware version 2.0. Enable WoW (Wake on Wireless) offloads on both the primary and secondary links. This can be done through the device's network settings or by using a script that interfaces with the Wi-Fi driver. The firmware crash can be observed shortly after WoW offloads are enabled on both links.

Remediation

The vulnerability has been addressed in a patch that modifies the WoW offload behavior to apply only on the primary link, preventing the firmware crash. This patch is available in the Linux kernel's stable branch.