CVE-2024-35937

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: check A-MSDU format more carefully

If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more careful and check if the subframe header can even be present.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux966d5c2c22edcc0ab3d519af39f91a29329c979a < 9eb3bc0973d084423a6df21cf2c74692ff05647eaffected
LinuxLinux6e4c0d0460bd32ca9244dff3ba2d2da27235de11 < 5d7a8585fbb31e88fb2a0f581b70667d3300d1e9affected
LinuxLinux6e4c0d0460bd32ca9244dff3ba2d2da27235de11 < 16da1e1dac23be45ef6e23c41b1508c400e6c544affected
LinuxLinux6e4c0d0460bd32ca9244dff3ba2d2da27235de11 < 9ad7974856926129f190ffbe3beea78460b3b7ccaffected
LinuxLinux6.3affected
LinuxLinux0 < 6.3unaffected
LinuxLinux6.6.27 <= 6.6.*unaffected
LinuxLinux6.8.6 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References