CVE-2024-42125 in Linuxinfo

Summary

by MITRE • 07/30/2024

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband

We have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz sband will be NULL even if it is WiFi 7 chip. So, add NULL handling here to avoid crash.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 10/06/2025

The vulnerability CVE-2024-42125 affects the Linux kernel's wireless subsystem, specifically within the rtw89 driver that manages Realtek WiFi 7 chipsets. This issue arises from inadequate null pointer handling during firmware-based scan offload operations when 6 GHz frequency bands are disabled through BIOS policies. The root cause occurs when the system attempts to process 6 GHz channel scanning operations despite the absence of a valid 6 GHz spectrum band definition, leading to potential system crashes or instability. The vulnerability represents a classic null pointer dereference scenario that can be exploited to cause denial of service conditions in wireless networking operations.

The technical flaw manifests in the rtw89 wireless driver's firmware scan offload functionality where the code does not properly validate whether the 6 GHz spectrum band structure (sband) is available before attempting to access its properties. When BIOS policies explicitly block 6 GHz usage, the driver correctly identifies that no 6 GHz spectrum band exists, yet fails to handle this null condition gracefully. This oversight results in the driver attempting to access memory locations associated with a null pointer, which can lead to kernel panics or system crashes. The issue specifically impacts WiFi 7 chipsets that support 6 GHz frequencies but operate in environments where 6 GHz bands are administratively disabled, creating a mismatch between hardware capability and operational configuration.

The operational impact of this vulnerability extends beyond simple system crashes to affect the reliability of wireless networking in enterprise and consumer environments where 6 GHz frequency bands may be restricted for regulatory compliance or network management reasons. Systems utilizing Realtek WiFi 7 chipsets in configurations where 6 GHz support is disabled through BIOS policies become vulnerable to unexpected service interruptions during wireless scanning operations. This vulnerability particularly affects devices that dynamically configure their wireless capabilities based on system policies, including enterprise laptops, routers, and IoT devices that may be deployed in environments requiring 6 GHz frequency restrictions. The crash conditions can occur during routine wireless network discovery processes, potentially disrupting network connectivity and user productivity.

Mitigation strategies for CVE-2024-42125 should focus on implementing proper null pointer validation within the rtw89 driver code, specifically in the firmware scan offload functionality that processes 6 GHz channel operations. System administrators should ensure that kernel updates are applied promptly to address this vulnerability, particularly in environments where 6 GHz frequency restrictions are enforced through BIOS configurations. The fix involves adding robust NULL checking mechanisms before accessing 6 GHz spectrum band structures, which aligns with common software security practices and aligns with CWE-476, which addresses null pointer dereference vulnerabilities. Organizations should also consider implementing monitoring solutions to detect potential crash conditions during wireless scanning operations, as this vulnerability can be triggered through normal network discovery processes without specific malicious intent. The remediation approach should include comprehensive testing of wireless functionality in environments where 6 GHz bands are disabled to ensure proper handling of these edge cases.

This vulnerability demonstrates the importance of proper error handling in wireless driver implementations and aligns with ATT&CK technique T1499.001, which covers network denial of service attacks. The issue also reflects broader concerns about firmware and driver security in modern wireless networking systems, where configuration policies may create unexpected operational states that require robust error handling. The fix represents a standard defensive programming practice that prevents crashes from occurring when system resources are unavailable, which is particularly relevant for wireless drivers that must handle diverse hardware configurations and operational policies.

Responsible

Linux

Reservation

07/29/2024

Disclosure

07/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00208

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!