CVE-2024-26610

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: fix a memory corruption

iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the buffer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcf29c5b66b9f83939367d90679eb68cdfa2f0356 < 05dd9facfb9a1e056752c0901c6e86416037d15aaffected
LinuxLinuxcf29c5b66b9f83939367d90679eb68cdfa2f0356 < 99a23462fe1a6f709f0fda3ebbe8b6b193ac75bdaffected
LinuxLinuxcf29c5b66b9f83939367d90679eb68cdfa2f0356 < aa2cc9363926991ba74411e3aa0a0ea82c1ffe32affected
LinuxLinuxcf29c5b66b9f83939367d90679eb68cdfa2f0356 < 870171899d75d43e3d14360f3a4850e90a9c289baffected
LinuxLinuxcf29c5b66b9f83939367d90679eb68cdfa2f0356 < f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67affected
LinuxLinuxcf29c5b66b9f83939367d90679eb68cdfa2f0356 < cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4daffected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux5.10.210 <= 5.10.*unaffected
LinuxLinux5.15.149 <= 5.15.*unaffected
LinuxLinux6.1.76 <= 6.1.*unaffected
LinuxLinux6.6.15 <= 6.6.*unaffected
LinuxLinux6.7.3 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References