CVE-2023-52769 in Linuxinfo

Summary

by MITRE • 05/21/2024

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix htt mlo-offset event locking

The ath12k active pdevs are protected by RCU but the htt mlo-offset event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section.

Mark the code in question as an RCU read-side critical section to avoid any potential use-after-free issues.

Compile tested only.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 08/11/2025

The vulnerability CVE-2023-52769 affects the Linux kernel's ath12k wireless driver implementation, specifically addressing a race condition in the handling of HTT MLO-offset events. This issue resides within the Qualcomm Atheros 12k family of wireless network adapters that utilize the ath12k driver for Linux systems. The vulnerability stems from improper synchronization mechanisms during the processing of multi-link operation offset events, which are critical for managing wireless network connections in complex multi-link scenarios.

The technical flaw manifests in the failure to properly mark a code section as an RCU (Read-Copy-Update) read-side critical section. The ath12k driver maintains active pdevs (physical device instances) under RCU protection to ensure safe concurrent access during runtime operations. However, the htt mlo-offset event handling code that invokes ath12k_mac_get_ar_by_pdev_id() function was not explicitly marked as requiring RCU read-side critical section protection. This omission creates a potential race condition where the function may attempt to access memory that has been freed or reallocated by concurrent write operations, leading to use-after-free vulnerabilities.

The operational impact of this vulnerability extends across wireless networking functionality in Linux systems utilizing the ath12k driver, particularly affecting devices that support multi-link operation scenarios. Attackers could potentially exploit this weakness to cause system instability, memory corruption, or in worst-case scenarios achieve privilege escalation through memory corruption primitives. The vulnerability is particularly concerning in environments where wireless network operations are frequent and concurrent, as the race condition probability increases with system load and network activity.

The fix implemented addresses this issue by properly marking the affected code section as an RCU read-side critical section, ensuring that the ath12k_mac_get_ar_by_pdev_id() function executes within appropriate synchronization context. This change prevents potential use-after-free conditions that could occur when accessing pdev structures during concurrent read and write operations. The mitigation approach aligns with standard kernel security practices for RCU usage patterns and follows established guidelines for preventing race conditions in concurrent data access scenarios. The solution has been compile-tested to ensure compatibility with existing driver functionality while addressing the identified synchronization issue.

This vulnerability maps to CWE-367: Time-of-Check Time-of-Use (TOCTOU) Race Condition and CWE-416: Use After Free, with potential implications for kernel memory safety and system stability. From an ATT&CK perspective, this could enable privilege escalation techniques through kernel memory corruption, potentially falling under T1068: Exploitation for Privilege Escalation and T1547.001: Registry Run Keys / Startup Folder. The fix demonstrates proper adherence to kernel development practices and RCU synchronization protocols that are fundamental to maintaining system integrity in concurrent environments.

Sources

Want to know what is going to be exploited?

We predict KEV entries!