CVE-2024-47673 in Linux
Summary
by MITRE • 10/09/2024
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
Not doing so will make us send a host command to the transport while the firmware is not alive, which will trigger a WARNING.
bad state = 0
WARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]
RIP: 0010:iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]
Call Trace:
iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]
iwl_mvm_config_scan+0x198/0x260 [iwlmvm]
iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]
iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]
process_one_work+0x29e/0x640
worker_thread+0x2df/0x690
? rescuer_thread+0x540/0x540
kthread+0x192/0x1e0
? set_kthread_struct+0x90/0x90
ret_from_fork+0x22/0x30
Analysis
by VulDB Data Team • 03/21/2026
The vulnerability CVE-2024-47673 affects the Linux kernel's wireless networking subsystem, specifically the iwlwifi driver for Intel wireless adapters. The issue stems from improper state management during firmware lifecycle operations: the driver attempts to communicate with a firmware component that is no longer operational. The root cause is the absence of proper synchronization when pausing the Transport Command Manager (TCM) during firmware shutdown procedures, leading to a dangerous race condition in the wireless subsystem.
The technical flaw manifests when the firmware is stopped but the TCM (Transport Command Manager) is not properly paused before attempting to send host commands. The driver then invokes the iwl_trans_send_cmd function while the firmware is in a non-operational state, resulting in kernel warnings and potential system instability. The call trace shows this sequence starting from iwl_mvm_config_scan through iwl_mvm_recalc_tcm and eventually reaching iwl_trans_send_cmd, where the kernel's warning mechanism is triggered. This represents a classic case of improper state validation and resource management in kernel space.
The operational impact of this vulnerability extends beyond simple warning messages and can potentially compromise system stability and wireless connectivity. When the firmware is stopped and commands are sent to a non-responsive transport layer, the kernel generates WARNING messages that indicate a critical state error with value 0, suggesting a fundamental failure in the driver's state machine. This condition can lead to complete wireless adapter dysfunction, intermittent connectivity issues, or in severe cases, system crashes that may require manual intervention or reboot. The vulnerability affects all systems running the affected kernel versions with Intel wireless adapters, particularly those utilizing the iwlwifi driver with mvm (multi-virtual-machine) configuration.
Mitigation strategies should focus on ensuring proper firmware lifecycle management and implementing robust state validation before command execution. The fix requires modifying the driver code to explicitly pause the TCM when firmware is stopped, preventing the execution of transport commands during firmware inactivity. System administrators should update to kernel versions containing the patched driver implementation, which aligns with the principle of least privilege and proper resource management as recommended in the CWE-691 category for inadequate protection mechanisms. Additionally, monitoring systems should be configured to detect and alert on kernel WARNING messages related to wireless subsystem failures, as outlined in the ATT&CK framework's defense evasion and system reconnaissance techniques. Organizations should also implement regular kernel updates and security patch management processes to prevent exploitation of similar state management vulnerabilities in other kernel subsystems.
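The monitoring recommendation above, as an added example (not code from MITRE, VulDB or the kernel project): a Python check that scans kernel log text for the WARNING signature quoted in the summary, requiring both the iwl_trans_send_cmd warning site and iwl_mvm_tcm_work in the call trace. The timestamps, the second WARNING block and the function names split_warnings and find_tcm_warnings are constructed for illustration.

```python
import re

# Constructed sample: the first block reuses the frames quoted in the summary
# (timestamps invented); the second is a made-up WARNING that must not match.
SAMPLE_LOG = """\
[ 5012.102] WARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0x1cb/0x1e0 [iwlwifi]
[ 5012.104] Call Trace:
[ 5012.105]  iwl_mvm_send_cmd+0x40/0xc0 [iwlmvm]
[ 5012.106]  iwl_mvm_config_scan+0x198/0x260 [iwlmvm]
[ 5012.107]  iwl_mvm_recalc_tcm+0x730/0x11d0 [iwlmvm]
[ 5012.108]  iwl_mvm_tcm_work+0x1d/0x30 [iwlmvm]
[ 5012.110] ---[ end trace 0000000000000000 ]---
[ 6100.001] WARNING: CPU: 0 PID: 42 at drivers/example/example.c:10 example_fn+0x10/0x20 [example]
[ 6100.003]  example_work+0x5/0x10 [example]
[ 6100.004] ---[ end trace 0000000000000000 ]---
"""

WARN_RE = re.compile(r"WARNING: CPU: (\d+) PID: (\d+) at (\S+) (\w+)\+0x")
FRAME_RE = re.compile(r"^\s*(?:\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
STAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")

def split_warnings(log_text):
    """Yield (cpu, pid, site, function, frames) for each WARNING block."""
    current = None
    for raw in log_text.splitlines():
        line = STAMP_RE.sub("", raw)  # drop the dmesg timestamp, if any
        m = WARN_RE.search(line)
        if m:
            if current:  # previous block had no end marker
                yield current
            current = (int(m.group(1)), int(m.group(2)), m.group(3), m.group(4), [])
        elif current and "---[ end trace" in line:
            yield current
            current = None
        elif current and (f := FRAME_RE.match(line)):
            current[4].append(f.group(1))
    if current:
        yield current

def find_tcm_warnings(log_text):
    """Return WARNING blocks raised in iwl_trans_send_cmd from the TCM worker."""
    return [
        {"cpu": cpu, "pid": pid, "site": site, "frames": frames}
        for cpu, pid, site, func, frames in split_warnings(log_text)
        if func == "iwl_trans_send_cmd" and "iwl_mvm_tcm_work" in frames
    ]

if __name__ == "__main__":
    print(find_tcm_warnings(SAMPLE_LOG))
```

Matching on function names rather than offsets keeps the check valid across kernel builds, where the `+0x…/0x…` values differ.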