CVE-2024-47718 in Linux

Summary

by MITRE • 10/21/2024

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw88: always wait for both firmware loading attempts

In 'rtw_wait_firmware_completion()', always wait for both (regular and wowlan) firmware loading attempts. Otherwise if 'rtw_usb_intf_init()' has failed in 'rtw_usb_probe()', 'rtw_usb_disconnect()' may issue 'ieee80211_free_hw()' when one of 'rtw_load_firmware_cb()' (usually the wowlan one) is still in progress, causing UAF detected by KASAN.


Analysis

by VulDB Data Team • 01/19/2026

The vulnerability identified as CVE-2024-47718 resides within the Linux kernel's wireless networking subsystem, specifically affecting the rtw88 driver used for Realtek wireless adapters. This issue manifests as a race condition that leads to a use-after-free, which can cause system instability and has potential security implications. The vulnerability is classified under CWE-415 as a Double Free condition, though it more accurately represents a use-after-free scenario where memory is accessed after being freed. The root cause stems from improper synchronization during firmware loading operations within the wireless driver's initialization and cleanup processes.

The technical flaw occurs in the rtw_wait_firmware_completion() function where the driver fails to properly await both firmware loading attempts during the initialization phase. When the rtw_usb_probe() function encounters a failure during rtw_usb_intf_init(), the subsequent rtw_usb_disconnect() call may prematurely invoke ieee80211_free_hw() while one of the firmware loading callbacks (typically the WoWLAN firmware loading) is still actively executing. This creates a scenario where memory allocated for the wireless hardware structure becomes freed while another execution path is still attempting to access it, resulting in undefined behavior and potential kernel crashes. The vulnerability is particularly concerning as it operates at the kernel level where such memory corruption can lead to privilege escalation or system compromise.

The operational impact of this vulnerability extends beyond simple system crashes to potentially enable more sophisticated attack vectors. When KASAN (Kernel Address Sanitizer) detects the use-after-free condition, it typically triggers a kernel oops or panic, causing the system to become unresponsive or reboot unexpectedly. However, the underlying memory corruption could theoretically be exploited by malicious actors to execute arbitrary code with kernel privileges, especially if the corrupted memory locations can be manipulated to control execution flow. This represents a significant concern for embedded systems, servers, and devices running wireless networking capabilities where the kernel is exposed to potential exploitation. The vulnerability affects systems using Realtek wireless USB adapters that implement the rtw88 driver, making it relevant to a broad range of devices including laptops, desktops, and IoT devices with wireless connectivity.

Mitigation strategies for CVE-2024-47718 should focus on immediate patch application from the Linux kernel maintainers, as the fix involves ensuring proper synchronization between firmware loading operations and hardware cleanup processes. System administrators should prioritize updating their kernel versions to include the patched rtw88 driver implementation that correctly waits for both firmware loading attempts before proceeding with hardware deallocation. Additionally, monitoring for kernel oops messages or system instability related to wireless hardware initialization should be implemented as part of routine security monitoring. Organizations should also consider implementing network segmentation and access controls to limit potential exploitation vectors, while ensuring that wireless network interfaces are only enabled when necessary. The fix aligns with ATT&CK technique T1068 by addressing a kernel-level vulnerability that could enable privilege escalation, and with T1547.001 by ensuring proper driver initialization and cleanup processes that prevent unintended system behavior. Regular kernel security updates and vulnerability assessments should be maintained to prevent similar race condition vulnerabilities from emerging in other kernel subsystems.
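Added illustrative model of the waiting bug described above (not the rtw88 driver's code and not from VulDB): the pre-fix shape of the wait routine, which returns as soon as the first firmware load fails, beside the fixed shape that always waits for both loads. Firmware callbacks are modelled as threads and wait_for_completion() as pthread_join(); the chip is assumed to have both a regular and a WoWLAN image, and all names are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
/* Hypothetical model of the advisory's race, not rtw88 code: each firmware load
 * callback is a thread and wait_for_completion() is a pthread_join(). */
struct fw_state { pthread_t thread; bool loaded; bool waited; };
struct rtw_dev { struct fw_state fw, wow_fw; };   /* chip assumed to have both */
static void *load_firmware_cb(void *p) {
    for (volatile long i = 0; i < 2000000; i++) ;  /* the load takes a while */
    return p;
}
static void wait_for_completion(struct fw_state *fw) {
    pthread_join(fw->thread, NULL);
    fw->waited = true;                 /* someone actually waited for this load */
}
static void start_loads(struct rtw_dev *dev, bool fw_ok, bool wow_ok) {
    dev->fw.loaded = fw_ok; dev->wow_fw.loaded = wow_ok; /* what each reports */
    pthread_create(&dev->fw.thread, NULL, load_firmware_cb, NULL);
    pthread_create(&dev->wow_fw.thread, NULL, load_firmware_cb, NULL);
}
/* Pre-fix shape: returning on the first failure skips the WoWLAN wait, so
 * rtw_usb_disconnect() may free the hw while that callback still runs. */
int wait_firmware_completion_buggy(struct rtw_dev *dev) {
    wait_for_completion(&dev->fw);
    if (!dev->fw.loaded)
        return -EINVAL;                /* BUG: wow_fw callback left in flight */
    wait_for_completion(&dev->wow_fw);
    return dev->wow_fw.loaded ? 0 : -EINVAL;
}
/* Fixed shape: remember the error, but wait for every outstanding load. */
int wait_firmware_completion_fixed(struct rtw_dev *dev) {
    int ret = 0;
    wait_for_completion(&dev->fw);
    if (!dev->fw.loaded) ret = -EINVAL;
    wait_for_completion(&dev->wow_fw);
    if (!dev->wow_fw.loaded) ret = -EINVAL;
    return ret;
}
/* Probe-failure scenario: the regular load fails while the WoWLAN load is still
 * in flight. Returns whether 'wait' waited for the WoWLAN callback. */
bool waited_for_wow(int (*wait)(struct rtw_dev *)) {
    struct rtw_dev dev = {0};
    start_loads(&dev, false, true);
    wait(&dev);
    bool waited = dev.wow_fw.waited;
    if (!waited) wait_for_completion(&dev.wow_fw); /* reap thread bug ignored */
    return waited;
}
```

Both variants report the failed regular load with -EINVAL; the difference is only whether the WoWLAN callback has been waited for when the caller goes on to free the hardware structure.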

Responsible: Linux

Reservation: 09/30/2024

Disclosure: 10/21/2024

Moderation: accepted

CPE: ready

EPSS: 0.00246

KEV: no

Activities: very low

Sources
