CVE-2024-43881 in Linux

Summary

by MITRE • 08/21/2024

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: change DMA direction while mapping reinjected packets

For fragmented packets, ath12k reassembles each fragment as a normal packet and then reinjects it into HW ring. In this case, the DMA direction should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise, an invalid payload may be reinjected into the HW and subsequently delivered to the host.

Given that arbitrary memory can be allocated to the skb buffer, knowledge about the data contained in the reinjected buffer is lacking. Consequently, there’s a risk of private information being leaked.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1


Analysis

by VulDB Data Team • 03/21/2026

The vulnerability CVE-2024-43881 affects the Linux kernel's ath12k wireless driver implementation specifically within the Qualcomm QCN9274 hardware platform. This issue stems from an incorrect DMA (Direct Memory Access) direction assignment during the packet reinjection process for fragmented wireless frames. The flaw occurs when the driver reassembles fragmented packets into complete frames and subsequently reinjects them into the hardware ring buffer, where the DMA direction parameter is incorrectly set to DMA_FROM_DEVICE instead of the required DMA_TO_DEVICE. This misconfiguration creates a critical security risk that can lead to improper data handling and potential information disclosure.

The technical implementation flaw involves the ath12k driver's packet processing pipeline where fragmented wireless packets undergo reassembly before being reinjected into the hardware. During this reinjection phase, the driver fails to properly configure the DMA direction, which controls the data flow direction between system memory and the hardware device. When DMA_TO_DEVICE is incorrectly replaced with DMA_FROM_DEVICE, the hardware receives malformed data that could contain uninitialized memory contents or other sensitive information. The vulnerability is particularly concerning because the skb (socket buffer) structures can be allocated with arbitrary memory contents, making it impossible to determine what data might be present in the reinjected buffer.
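
The effect of the mapping direction described above, as an added example that is not part of the original page or the ath12k driver: a simplified userspace C model of a non-coherent platform in which a DMA_FROM_DEVICE mapping discards CPU writes that have not yet reached memory, so the device fetches the buffer's earlier contents. The type and function names, buffer size and sample strings are constructed for this example, and real cache and bounce-buffer behaviour depends on the architecture and DMA backend.

```c
#include <stdio.h>
#include <string.h>

/* Simplified userspace model, not kernel code: one buffer as seen through a
 * CPU cache and through RAM on a non-coherent platform. The device only
 * ever reads RAM. All names and strings here are constructed (hypothetical). */
enum model_dir { MODEL_TO_DEVICE, MODEL_FROM_DEVICE };

#define BUF_LEN  32
#define OLD_DATA "stale: earlier owner's data"  /* previous use of the memory */
#define FRAME    "reassembled frame"            /* what the driver wants to send */

struct model_buf {
    char cache[BUF_LEN]; /* what the CPU last wrote, possibly still dirty */
    char ram[BUF_LEN];   /* what the device fetches over DMA */
};

/* Cache maintenance performed when the buffer is mapped for DMA. */
static void model_map(struct model_buf *b, enum model_dir dir)
{
    if (dir == MODEL_TO_DEVICE)
        memcpy(b->ram, b->cache, BUF_LEN);  /* write back: CPU data reaches RAM */
    else
        memcpy(b->cache, b->ram, BUF_LEN);  /* invalidate: dirty CPU data dropped */
}

/* Write the reassembled frame into recycled memory, map it with the given
 * direction, and copy out what the device would read from the buffer. */
static void reinject(enum model_dir dir, char out[BUF_LEN])
{
    static const char old[BUF_LEN] = OLD_DATA;
    static const char frame[BUF_LEN] = FRAME;
    struct model_buf b;

    memcpy(b.ram, old, BUF_LEN);      /* RAM still holds the earlier contents */
    memcpy(b.cache, frame, BUF_LEN);  /* CPU writes the frame (sits in cache) */
    model_map(&b, dir);
    memcpy(out, b.ram, BUF_LEN);      /* device fetch over DMA */
}

int main(void)
{
    char seen[BUF_LEN];

    reinject(MODEL_TO_DEVICE, seen);
    printf("TO_DEVICE   -> device reads: %s\n", seen);
    reinject(MODEL_FROM_DEVICE, seen);
    printf("FROM_DEVICE -> device reads: %s\n", seen);
    return 0;
}
```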

The operational impact of this vulnerability extends beyond simple data corruption to include potential information leakage and system compromise. An attacker could potentially exploit this flaw to extract sensitive data from system memory that might be present in the skb buffers, leading to information disclosure attacks. The risk is amplified by the fact that the reinjected packets are processed by the hardware in a way that could inadvertently expose private information, making this vulnerability particularly dangerous in environments where wireless communication handles sensitive data. This issue affects the QCN9274 hardware platform running specific firmware versions, indicating a targeted impact on Qualcomm-based wireless networking equipment.

Mitigation strategies for CVE-2024-43881 should focus on implementing proper DMA direction handling within the ath12k driver code, ensuring that reinjected packets use the correct DMA_TO_DEVICE direction when being sent to hardware. System administrators should prioritize updating their kernel versions to include the patched ath12k driver implementation that correctly handles DMA direction for reinjected packets. The vulnerability aligns with CWE-1234, which addresses improper handling of DMA operations, and potentially maps to ATT&CK technique T1566 related to credential access through network infrastructure manipulation. Organizations should also implement monitoring for unusual wireless traffic patterns that might indicate exploitation attempts, while maintaining updated firmware and kernel versions to prevent potential exploitation of this DMA configuration vulnerability.

Responsible: Linux

Reservation: 08/17/2024

Disclosure: 08/21/2024

Moderation: accepted

CPE: ready

EPSS: 0.00217

KEV: no

Activities: very low
