CVE-2024-57992 in Linuxinfo

Summary

by MITRE • 02/27/2025

In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: unregister wiphy only if it has been registered

There is a specific error path in probe functions in wilc drivers (both sdio and spi) which can lead to kernel panic, as this one for example when using SPI:

Unable to handle kernel paging request at virtual address 9f000000 when read [9f000000] *pgd=00000000
Internal error: Oops: 5 [#1] ARM
Modules linked in: wilc1000_spi(+) crc_itu_t crc7 wilc1000 cfg80211 bluetooth ecdh_generic ecc CPU: 0 UID: 0 PID: 106 Comm: modprobe Not tainted 6.13.0-rc3+ #22 Hardware name: Atmel SAMA5 PC is at wiphy_unregister+0x244/0xc40 [cfg80211]
LR is at wiphy_unregister+0x1c0/0xc40 [cfg80211]
[...]
wiphy_unregister [cfg80211] from wilc_netdev_cleanup+0x380/0x494 [wilc1000]
wilc_netdev_cleanup [wilc1000] from wilc_bus_probe+0x360/0x834 [wilc1000_spi]
wilc_bus_probe [wilc1000_spi] from spi_probe+0x15c/0x1d4
spi_probe from really_probe+0x270/0xb2c really_probe from __driver_probe_device+0x1dc/0x4e8 __driver_probe_device from driver_probe_device+0x5c/0x140 driver_probe_device from __driver_attach+0x220/0x540 __driver_attach from bus_for_each_dev+0x13c/0x1a8 bus_for_each_dev from bus_add_driver+0x2a0/0x6a4 bus_add_driver from driver_register+0x27c/0x51c driver_register from do_one_initcall+0xf8/0x564 do_one_initcall from do_init_module+0x2e4/0x82c do_init_module from load_module+0x59a0/0x70c4 load_module from init_module_from_file+0x100/0x148 init_module_from_file from sys_finit_module+0x2fc/0x924 sys_finit_module from ret_fast_syscall+0x0/0x1c

The issue can easily be reproduced, for example by not wiring correctly a wilc device through SPI (and so, make it unresponsive to early SPI commands). It is due to a recent change decoupling wiphy allocation from wiphy registration, however wilc_netdev_cleanup has not been updated accordingly, letting it possibly call wiphy unregister on a wiphy which has never been registered.

Fix this crash by moving wiphy_unregister/wiphy_free out of wilc_netdev_cleanup, and by adjusting error paths in both drivers

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 05/24/2026

The vulnerability CVE-2024-57992 affects the Linux kernel's wilc1000 wireless driver implementation, specifically impacting both spi and sdio bus interfaces. This flaw represents a critical kernel panic condition that occurs during device probe operations when the driver attempts to unregister a wireless physical layer (wiphy) that was never properly registered. The issue stems from a recent architectural change that separated wiphy allocation from registration processes, but the cleanup function wilc_netdev_cleanup was not updated to reflect this decoupling. This creates a scenario where the driver's error handling paths can invoke wiphy_unregister on uninitialized wiphy structures, leading to memory access violations and system crashes.

The technical execution of this vulnerability manifests through specific error paths in the wilc driver's probe functions, particularly when using SPI interfaces. When a wilc device is improperly connected or fails to respond to early SPI commands, the driver enters error handling routines that attempt to clean up resources. The kernel oops trace shows the crash occurring at wiphy_unregister+0x244/0xc40 within the cfg80211 module, with the call stack indicating that wilc_netdev_cleanup invokes wiphy_unregister on a wiphy that has not been registered. This specific memory access violation at virtual address 9f000000 demonstrates a classic null pointer dereference or use-after-free condition, where the kernel attempts to access memory that was never properly allocated or initialized. The ARM architecture context and module loading sequence further confirm that this is a legitimate kernel panic scenario rather than a user-space issue.

The operational impact of CVE-2024-57992 extends beyond simple system crashes to potentially compromise device availability and system stability in embedded and mobile environments where wilc1000 drivers are commonly deployed. Systems utilizing Atmel SAMA5 hardware platforms, which are prevalent in IoT devices and embedded wireless solutions, face elevated risk of unexpected reboots or complete system failures when encountering improper device connections or hardware faults. The vulnerability affects the fundamental device initialization process, meaning that any application or service relying on wireless connectivity through wilc1000 drivers could experience intermittent disruptions or complete service outages. This represents a significant concern for industrial IoT deployments, mobile devices, and embedded systems where wireless connectivity is critical for normal operation and where system reliability is paramount.

The fix for this vulnerability requires modifications to the driver's error handling logic by decoupling wiphy_unregister and wiphy_free operations from the wilc_netdev_cleanup function and adjusting error paths in both SPI and SDIO driver implementations. This remediation aligns with established security best practices for kernel driver development and follows the principle of least privilege by ensuring proper resource management and state validation. The solution addresses the core issue identified in CWE-476, which covers null pointer dereferences in kernel space, and prevents the improper resource cleanup that leads to the kernel panic. Additionally, this fix supports ATT&CK technique T1547.001 by ensuring proper driver initialization and cleanup processes that prevent malicious exploitation of kernel-level resource management vulnerabilities. The recommended approach of moving resource cleanup operations outside of error handling paths and implementing proper state checks prevents similar issues from occurring in future driver modifications and aligns with the Linux kernel's security hardening requirements for device drivers.

Responsible

Linux

Reservation

02/27/2025

Disclosure

02/27/2025

Moderation

accepted

CPE

ready

EPSS

0.00163

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!