CVE-2024-47712

{"id": "CVE-2024-47712", "cveTags": [], "metrics": {}, "published": "2024-10-21T12:15:07.640", "references": [{"url": "https://git.kernel.org/stable/c/2f944e6255c2fc1c9bd9ee32f6b14ee0b2a51eb5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/557418e1704605a81c9e26732449f71b1d40ba1e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6d7c6ae1efb1ff68bc01d79d94fdf0388f86cdd8", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/79510414a7626317f13cc9073244ab7a8deb3192", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/84398204c5df5aaf89453056cf0647cda9664d2b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b040b71d99ee5e17bb7a743dc01cbfcae8908ce1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bf090f4fe935294361eabd9dc5a949fdd77d3d1b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param\n\nIn the `wilc_parse_join_bss_param` function, the TSF field of the `ies`\nstructure is accessed after the RCU read-side critical section is\nunlocked. According to RCU usage rules, this is illegal. Reusing this\npointer can lead to unpredictable behavior, including accessing memory\nthat has been updated or causing use-after-free issues.\n\nThis possible bug was identified using a static analysis tool developed\nby myself, specifically designed to detect RCU-related issues.\n\nTo address this, the TSF value is now stored in a local variable\n`ies_tsf` before the RCU lock is released. The `param->tsf_lo` field is\nthen assigned using this local variable, ensuring that the TSF value is\nsafely accessed."}], "lastModified": "2024-10-21T17:09:45.417", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}