Linux Kernel up to 6.13.1 chan.c rtw89_entity_recalc_mgnt_roles denial of service

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Linux Kernel up to 6.13.1. Affected by this vulnerability is the function rtw89_entity_recalc_mgnt_roles of the file chan.c. The manipulation leads to denial of service.
This vulnerability is listed as CVE-2024-57991. There is no available exploit.
You should upgrade the affected component.
Details
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.13.1. This issue affects the function rtw89_entity_recalc_mgnt_roles of the file chan.c. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() During rtw89_entity_recalc_mgnt_roles(), there is a normalizing process which will re-order the list if an entry with target pattern is found. And once one is found, should have aborted the list_for_each_entry. But, `break` just aborted the inner for-loop. The outer list_for_each_entry still continues. Normally, only the first entry will match the target pattern, and the re-ordering will change nothing, so there won't be soft lockup. However, in some special cases, soft lockup would happen. Fix it by `goto fill` to break from the list_for_each_entry. The following is a sample of kernel log for this problem. watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [wpa_supplicant:2055] [...] RIP: 0010:rtw89_entity_recalc ([...] chan.c:392 chan.c:479) rtw89_core [...]
It is possible to read the advisory at git.kernel.org. The identification of this vulnerability is CVE-2024-57991 since 02/27/2025. Technical details of the vulnerability are known, but there is no available exploit.
Upgrading to version 6.13.2 or 6.14-rc1 eliminates this vulnerability. Applying the patch 223ba95fdcd3c6090e2bd51dce66abb6dd4f9df9/01d2d34e9fcc9897081c3c16a666f793c8a38c58/e4790b3e314a4814f1680a5dc552031fb199b878 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-0453). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Affected
- Google Container-Optimized OS
- Debian Linux
- Amazon Linux 2
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle Linux
- Siemens SIMATIC S7
- RESF Rocky Linux
- Dell NetWorker
- Dell Avamar
- Red Hat OpenShift
- IBM QRadar SIEM
- SolarWinds Security Event Manager
- Dell PowerProtect Data Domain
- Open Source Linux Kernel
- IBM DataPower Gateway
- Dell Secure Connect Gateway
- Dell PowerScale OneFS
- Dell ECS
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.7VulDB Meta Temp Score: 5.5
VulDB Base Score: 5.7
VulDB Temp Score: 5.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 6.13.2/6.14-rc1
Patch: 223ba95fdcd3c6090e2bd51dce66abb6dd4f9df9/01d2d34e9fcc9897081c3c16a666f793c8a38c58/e4790b3e314a4814f1680a5dc552031fb199b878
Timeline
02/27/2025 🔍02/27/2025 🔍
02/27/2025 🔍
05/24/2026 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2024-57991 (🔍)
GCVE (CVE): GCVE-0-2024-57991
GCVE (VulDB): GCVE-100-297803
CERT Bund: WID-SEC-2025-0453 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 02/27/2025 09:23Updated: 05/24/2026 20:28
Changes: 02/27/2025 09:23 (59), 07/22/2025 05:28 (7), 09/30/2025 06:01 (1), 10/09/2025 21:57 (1), 10/25/2025 05:37 (1), 11/09/2025 20:55 (1), 01/17/2026 23:36 (1), 05/24/2026 20:28 (1)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.