CVE-2024-27434
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK with cipher = TKIP and MFP which is of course not possible.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5c75a208c2449c6ea24f07610cc052f6a352246c < b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8 | affected |
| Linux | Linux | 5c75a208c2449c6ea24f07610cc052f6a352246c < 40405cbb20eb6541c603e7b3d54ade0a7be9d715 | affected |
| Linux | Linux | 5c75a208c2449c6ea24f07610cc052f6a352246c < 60f6d5fc84a9fd26528a24d8a267fc6a6698b628 | affected |
| Linux | Linux | 5c75a208c2449c6ea24f07610cc052f6a352246c < e35f316bce9e5733c9826120c1838f4c447b2c4c | affected |
| Linux | Linux | 6.2 | affected |
| Linux | Linux | 0 < 6.2 | unaffected |
| Linux | Linux | 6.6.23 <= 6.6.* | unaffected |
| Linux | Linux | 6.7.11 <= 6.7.* | unaffected |
| Linux | Linux | 6.8.2 <= 6.8.* | unaffected |
| Linux | Linux | 6.9 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8
- https://git.kernel.org/stable/c/40405cbb20eb6541c603e7b3d54ade0a7be9d715
- https://git.kernel.org/stable/c/60f6d5fc84a9fd26528a24d8a267fc6a6698b628
- https://git.kernel.org/stable/c/e35f316bce9e5733c9826120c1838f4c447b2c4c
References
- https://git.kernel.org/stable/c/b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8
- https://git.kernel.org/stable/c/40405cbb20eb6541c603e7b3d54ade0a7be9d715
- https://git.kernel.org/stable/c/60f6d5fc84a9fd26528a24d8a267fc6a6698b628
- https://git.kernel.org/stable/c/e35f316bce9e5733c9826120c1838f4c447b2c4c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.