CVE-2024-47713 in Linux
Summary
by MITRE • 10/21/2024
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace:
ieee80211_do_stop()
  ...
  spin_lock_irqsave(&local->queue_stop_reason_lock, flags)
  ...
  ieee80211_free_txskb()
    ieee80211_report_used_skb()
      ieee80211_report_ack_skb()
        cfg80211_mgmt_tx_status_ext()
          nl80211_frame_tx_status()
            genlmsg_multicast_netns()
              genlmsg_multicast_netns_filtered()
                nlmsg_multicast_filtered()
                  netlink_broadcast_filtered()
                    do_one_broadcast()
                      netlink_broadcast_deliver()
                        __netlink_sendskb()
                          netlink_deliver_tap()
                            __netlink_deliver_tap_skb()
                              dev_queue_xmit()
                                __dev_queue_xmit() ; with IRQS disabled
  ...
  spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags)
issues the warning (as reported by syzbot reproducer):
WARNING: CPU: 2 PID: 5128 at kernel/softirq.c:362 __local_bh_enable_ip+0xc3/0x120
Fix this by implementing a two-phase skb reclamation in 'ieee80211_do_stop()', where actual work is performed outside of a section with interrupts disabled.
Analysis
by VulDB Data Team • 01/19/2026
The vulnerability CVE-2024-47713 resides within the Linux kernel's mac80211 wireless subsystem, specifically in the ieee80211_do_stop() function. This issue represents a critical concurrency problem that can lead to system instability and potential denial of service conditions. The flaw manifests when the wireless driver attempts to shut down network interfaces while maintaining strict interrupt handling requirements. The vulnerability is particularly concerning as it involves improper handling of kernel softirq contexts and interrupt state management during critical wireless operations.
The technical root cause is a violation of the kernel's interrupt-safety rules: __dev_queue_xmit() is reached while interrupts are disabled. This happens during the cleanup of a wireless interface, when ieee80211_do_stop() frees pending transmit skbs while holding a spinlock taken with spin_lock_irqsave(). The backtrace shows the call chain: the spin_lock_irqsave() call disables interrupts, but the subsequent netlink broadcast path that reports the TX status requires interrupts to be enabled. The kernel's softirq subsystem emits the warning at kernel/softirq.c:362 when __local_bh_enable_ip() is called in this improper interrupt state, indicating that soft interrupts were being re-enabled while the system was in an inconsistent state.
This vulnerability directly relates to CWE-121, which addresses buffer overflow conditions, and CWE-362, concerning concurrent execution issues. The issue also maps to ATT&CK technique T1499.001 for endpoint denial of service, as exploitation can cause system instability and wireless interface failures. The operational impact includes potential system crashes, wireless interface hangs, and complete denial of wireless communication capabilities on affected systems. Systems running wireless network drivers with the mac80211 subsystem are particularly vulnerable, affecting laptops, desktops, servers, and embedded devices with wireless capabilities.
The fix implements a two-phase skb reclamation strategy that separates the locked bookkeeping from the actual skb freeing. All operations that require interrupts to be enabled are moved outside the critical section in which interrupts are disabled. By restructuring ieee80211_do_stop() so that the skb cleanup is deferred until after the lock is released and interrupts are restored, the vulnerability is resolved. This mitigation follows kernel development practice for handling interrupt contexts and prevents the improper softirq state transitions that caused the original warning. The solution keeps the necessary synchronization while ensuring correct interrupt handling throughout the wireless interface shutdown, preventing the race condition that led to system instability.
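The two-phase pattern described above, as a constructed userspace model added here (this is not the kernel's code, and all names are hypothetical): the buggy shape frees every skb while the IRQ-disabling lock is held, so a free that reaches the xmit path runs with interrupts off, while the fixed shape detaches the queue under the lock and frees it only after the lock is dropped.

```c
/* Constructed userspace model of the ieee80211_do_stop() fix; hypothetical names, not kernel code. */
#include <stdbool.h>
#include <stdlib.h>

struct skb { struct skb *next; };
static bool irqs_disabled;  /* true while queue_stop_reason_lock is held */
static int warn_count;      /* models the WARNING in __local_bh_enable_ip() */
static void lock_irqsave(void) { irqs_disabled = true; }
static void unlock_irqrestore(void) { irqs_disabled = false; }

/* Models ieee80211_free_txskb(): its TX-status reporting can end in
 * __dev_queue_xmit(), which must run with interrupts enabled. */
static void free_txskb(struct skb *skb)
{
    if (irqs_disabled) warn_count++;  /* kernel warns here; the model counts */
    free(skb);
}

/* Buggy shape: every skb is freed while the IRQ-disabling lock is held. */
int reclaim_under_lock(struct skb **pending)
{
    int freed = 0;
    lock_irqsave();
    for (struct skb *skb; (skb = *pending) != NULL; freed++) {
        *pending = skb->next;
        free_txskb(skb);    /* IRQs are off here: triggers the warning */
    }
    unlock_irqrestore();
    return freed;
}

/* Fixed shape: detach the queue under the lock (phase 1), free it afterwards (phase 2). */
int reclaim_two_phase(struct skb **pending)
{
    int freed = 0;
    lock_irqsave();
    struct skb *local = *pending;   /* phase 1: move queue to a private list */
    *pending = NULL;
    unlock_irqrestore();
    for (struct skb *skb; (skb = local) != NULL; freed++) {
        local = skb->next;
        free_txskb(skb);    /* phase 2: IRQs enabled, safe to reach xmit */
    }
    return freed;
}

struct skb *make_queue(int n)   /* constructed input: a queue of n skbs */
{
    struct skb *head = NULL, *s;
    while (n-- > 0) { s = malloc(sizeof *s); s->next = head; head = s; }
    return head;
}
int warnings_seen(void) { return warn_count; }
```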