CVE-2024-27052: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
The Linux kernel CVE team has assigned CVE-2024-27052 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050115-CVE-2024-27052-fb6d@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().
— NVD
Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw because the workqueue might still be running when the driver is stopped. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
— IBM
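The ordering problem described above, as an added userspace model in C. It is not the rtl8xxxu driver source or the upstream patch. All `model_*` names are hypothetical, a pthread stands in for the kernel workqueue, and a flag stands in for driver state that stop would free.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>

/* Userspace model of the race; every name here is hypothetical. */
struct model_priv {
    pthread_t worker;          /* stands in for the workqueue thread */
    bool work_queued;
    atomic_bool gate_open;     /* handler is held mid-run until this opens */
    atomic_bool state_valid;   /* false once stop has torn state down */
    atomic_int stale_accesses; /* handler runs that touched dead state */
};

static void *model_c2h_handler(void *arg)
{
    struct model_priv *p = arg;
    while (!atomic_load(&p->gate_open)) { /* handler still executing */ }
    if (!atomic_load(&p->state_valid))
        atomic_fetch_add(&p->stale_accesses, 1); /* a UAF in the kernel */
    return NULL;
}

/* Models one property of cancel_work_sync(): it returns only after an
 * in-flight handler has finished. */
static void model_cancel_work_sync(struct model_priv *p)
{
    if (!p->work_queued)
        return;
    atomic_store(&p->gate_open, true); /* let the handler run to completion */
    pthread_join(p->worker, NULL);
    p->work_queued = false;
}

static void model_stop(struct model_priv *p, bool cancel_first)
{
    if (cancel_first)
        model_cancel_work_sync(p);        /* the ordering the fix adds */
    atomic_store(&p->state_valid, false); /* models freeing driver state */
}

/* Returns how many times the handler saw torn-down state. */
int run_scenario(bool cancel_first)
{
    struct model_priv p = { .state_valid = true };
    p.work_queued = pthread_create(&p.worker, NULL, model_c2h_handler, &p) == 0;
    model_stop(&p, cancel_first);
    model_cancel_work_sync(&p); /* harness: the late handler finally runs */
    return atomic_load(&p.stale_accesses);
}

int main(void) { return run_scenario(true) == 0 && run_scenario(false) == 1 ? 0 : 1; }
```

The gate makes the race deterministic: without the cancel step the handler always finishes after teardown, which in the kernel is the access to freed memory.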
Frequently Asked Questions
What is the severity of CVE-2024-27052?
CVE-2024-27052 has been categorized as having a moderate severity level due to potential disruption in kernel operations.
How do I fix CVE-2024-27052?
To resolve CVE-2024-27052, update your Linux kernel to version 5.10.223-1, 5.10.226-1, 6.1.123-1, or any newer version available.
Which Linux kernel versions are affected by CVE-2024-27052?
The affected Linux kernel versions include 5.10.X, 5.15.X, 6.1.X, and other specific versions leading up to 6.9.
Is there a specific patch for CVE-2024-27052?
Yes, the patch for CVE-2024-27052 was integrated into the mainline Linux kernel to ensure the vulnerability is addressed.
What does CVE-2024-27052 impact in the Linux kernel?
CVE-2024-27052 impacts the RTL8XXXU Wi-Fi driver functionality, potentially affecting wireless communication stability.