CVE-2024-36921

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: guard against invalid STA ID on removal

Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would result in out-of-bounds array accesses. This prevents issues should the driver get into a bad state during error handling.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux006c152ac9e56ac7871efa995854c3ff8cf6915a < 94f80a8ec15e238b78521f20f8afaed60521a294affected
LinuxLinux006c152ac9e56ac7871efa995854c3ff8cf6915a < fab21d220017daa5fd8a3d788ff25ccfecfaae2faffected
LinuxLinux006c152ac9e56ac7871efa995854c3ff8cf6915a < 17f64517bf5c26af56b6c3566273aad6646c3c4faffected
LinuxLinux6.4affected
LinuxLinux0 < 6.4unaffected
LinuxLinux6.6.31 <= 6.6.*unaffected
LinuxLinux6.8.10 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References