CVE-2024-57991 in Linux
Summary
by MITRE • 02/27/2025
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
During rtw89_entity_recalc_mgnt_roles(), there is a normalizing process which will re-order the list if an entry with target pattern is found. And once one is found, should have aborted the list_for_each_entry. But, `break` just aborted the inner for-loop. The outer list_for_each_entry still continues. Normally, only the first entry will match the target pattern, and the re-ordering will change nothing, so there won't be soft lockup. However, in some special cases, soft lockup would happen.
Fix it by `goto fill` to break from the list_for_each_entry.
The following is a sample of kernel log for this problem.
watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [wpa_supplicant:2055]
[...]
RIP: 0010:rtw89_entity_recalc ([...] chan.c:392 chan.c:479) rtw89_core
[...]
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/24/2026
The vulnerability CVE-2024-57991 represents a critical soft lockup issue within the Linux kernel's wireless subsystem, specifically affecting the rtw89 driver used for Realtek WiFi devices. This flaw manifests during the execution of the rtw89_entity_recalc_mgnt_roles() function which handles management role recalculation for wireless entities. The issue stems from improper loop control logic within a list traversal operation that can cause the system to become unresponsive. The vulnerability operates at the kernel level and directly impacts the stability of wireless networking functionality on affected systems.
The technical root cause involves a fundamental flaw in loop termination logic within the wireless driver's channel management code. During the normalizing process of list reordering, the code employs a list_for_each_entry macro structure that contains nested loop operations. When a matching entry is found with the target pattern, the code should terminate processing immediately. However, the implementation uses a simple break statement that only exits the inner loop rather than the outer list_for_each_entry construct. This design flaw causes the outer loop to continue executing, potentially leading to infinite loop conditions and system lockups. The vulnerability is categorized under CWE-121 as a buffer overflow condition and specifically relates to improper control flow management in kernel space code.
The operational impact of this vulnerability extends beyond simple system instability to potentially compromise network connectivity and system responsiveness. When triggered, the soft lockup condition causes the watchdog timer to detect an unresponsive CPU, typically resulting in system hangs that can last for several seconds or longer. The kernel log evidence shows the watchdog reporting "soft lockup - CPU#1 stuck for 26s" which indicates a complete system freeze during the problematic execution path. This behavior directly violates the Linux kernel's real-time requirements and can affect network management operations, particularly in environments where wireless connectivity is critical. The vulnerability affects systems running kernel versions where the rtw89 driver is present and actively managing wireless channels.
The mitigation strategy involves implementing a proper goto statement to exit the list_for_each_entry construct entirely rather than relying on a simple break that only exits the inner loop. This fix ensures that when a matching entry is found and processed, the entire list traversal operation terminates immediately. The solution aligns with ATT&CK framework technique T1489 by addressing system network denial through kernel-level code correction. System administrators should prioritize applying the kernel patch that implements this fix to prevent potential system lockups and maintain wireless network stability. The fix also demonstrates proper defensive programming practices as recommended in the CERT/CC Secure Coding Standards for kernel development, specifically addressing improper loop termination conditions that can lead to system instability and denial of service attacks.