CVE-2024-47738 in Linux
Summary
by MITRE • 10/21/2024
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: don't use rate mask for offchannel TX either
Like the commit ab9177d83c04 ("wifi: mac80211: don't use rate mask for scanning"), ignore incorrect settings to avoid no supported rate warning reported by syzbot.
The syzbot did bisect and found cause is commit 9df66d5b9f45 ("cfg80211: fix default HE tx bitrate mask in 2G band"), which however corrects bitmask of HE MCS and recognizes correctly settings of empty legacy rate plus HE MCS rate instead of returning -EINVAL.
As suggestions [1], follow the change of SCAN TX to consider this case of
offchannel TX as well.
[1] https://lore.kernel.org/linux-wireless/[email protected]/T/#m2ac2a6d2be06a37c9c47a3d8a44b4f647ed4f024
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 01/19/2026
The vulnerability identified as CVE-2024-47738 affects the Linux kernel's wireless subsystem, specifically within the mac80211 subsystem that handles 802.11 wireless networking functionality. This issue represents a regression in how the kernel handles transmission rate masking during offchannel operations, which are essential for wireless networking activities such as channel scanning and management tasks that occur outside the currently active channel. The problem manifests when the kernel incorrectly applies rate masking logic to offchannel transmissions, potentially leading to improper wireless communication behavior and system instability. The vulnerability was introduced by a previous fix for HE (High Efficiency) transmission bitrate masking in the 2g band, which inadvertently created a compatibility issue with offchannel transmission handling.
The technical flaw stems from inconsistent rate mask handling between scanning operations and offchannel transmissions within the mac80211 subsystem. Prior to this fix, the kernel's wireless subsystem was applying rate masking logic that was appropriate for scanning scenarios but inappropriate for offchannel transmission contexts. This inconsistency caused the system to generate incorrect rate settings that could result in no supported rate warnings, essentially preventing proper wireless communication during offchannel operations. The root cause was traced to commit 9df66d5b9f45 which corrected the HE MCS bitmask handling but failed to account for the broader implications on offchannel transmission scenarios. This creates a situation where the kernel's rate selection logic becomes incoherent across different wireless operation modes, leading to potential communication failures and resource allocation issues.
The operational impact of this vulnerability extends beyond simple connectivity issues to potentially affect wireless network stability and performance. During offchannel transmission operations, which are crucial for wireless management functions including channel switching, beacon processing, and wireless network monitoring, the incorrect rate masking can cause transmissions to fail or operate at suboptimal rates. This affects network reliability and can lead to increased latency, reduced throughput, and potential disconnections in wireless networks. The vulnerability particularly impacts systems running Linux kernels where wireless management operations occur frequently, such as in enterprise environments, mobile devices, and wireless access points that rely on proper offchannel transmission capabilities. The issue can also compound with other wireless subsystem components, potentially creating cascading failures in wireless network management functions.
Mitigation strategies for CVE-2024-47738 involve applying the kernel patch that aligns offchannel transmission rate mask handling with the previously implemented scanning logic fix. This patch ensures that both scanning and offchannel transmission contexts properly ignore incorrect rate mask settings, preventing the generation of no supported rate warnings that were previously occurring. System administrators should prioritize updating their Linux kernel versions to include this fix, particularly in environments where wireless networking stability is critical. The fix aligns with established security practices by following the principle of least privilege in wireless transmission configuration and ensuring proper handling of edge cases in wireless protocol implementation. This vulnerability demonstrates the complexity of wireless protocol implementation in kernel space and the importance of comprehensive testing across different operational modes to prevent regressions that can affect network reliability and security. The solution follows industry best practices for wireless subsystem maintenance and aligns with the ATT&CK framework's approach to network infrastructure vulnerabilities by addressing the specific technical flaw in wireless transmission management.