Kernel Panic Vulnerability in Atmel SAMA5 Wi-Fi Device Driver by Vendor Linux

CVE-2024-57992

Summary

A vulnerability exists in the Atmel SAMA5 Wi-Fi device driver for the Linux kernel that can lead to a kernel panic under certain conditions. Specifically, during probe functions for the wilc drivers (both SDIO and SPI), there is a failure to properly handle the unregistration of the wiphy component. When a wilc device is not correctly wired through SPI, it may become unresponsive to early SPI commands, potentially triggering a crash due to an erroneous kernel paging request. This vulnerability arises from a recent change that decouples wiphy allocation from registration, leading to improper calls to wiphy_unregister within the wilc_netdev_cleanup function. The issue can be mitigated by revising the cleanup procedure to correctly account for the registration state of the wiphy.

References