CVE-2024-40929
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
In some versions of cfg80211, the ssids poinet might be a valid one even though n_ssids is 0. Accessing the pointer in this case will cuase an out-of-bound access. Fix this by checking n_ssids first.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | c1a7515393e403758a684fd0a2372af466675b15 < 3c4771091ea8016c8601399078916f722dd8833b | affected |
| Linux | Linux | c1a7515393e403758a684fd0a2372af466675b15 < f777792952d03bbaf8329fdfa99393a5a33e2640 | affected |
| Linux | Linux | c1a7515393e403758a684fd0a2372af466675b15 < 9e719ae3abad60e245ce248ba3f08148f375a614 | affected |
| Linux | Linux | c1a7515393e403758a684fd0a2372af466675b15 < 29a18d56bd64b95bd10bda4afda512558471382a | affected |
| Linux | Linux | c1a7515393e403758a684fd0a2372af466675b15 < 62e007bdeb91c6879a4652c3426aef1cd9d2937b | affected |
| Linux | Linux | c1a7515393e403758a684fd0a2372af466675b15 < 60d62757df30b74bf397a2847a6db7385c6ee281 | affected |
| Linux | Linux | 4.17 | affected |
| Linux | Linux | 0 < 4.17 | unaffected |
| Linux | Linux | 5.10.221 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.162 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.95 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.35 <= 6.6.* | unaffected |
| Linux | Linux | 6.9.6 <= 6.9.* | unaffected |
| Linux | Linux | 6.10 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/3c4771091ea8016c8601399078916f722dd8833b
- https://git.kernel.org/stable/c/f777792952d03bbaf8329fdfa99393a5a33e2640
- https://git.kernel.org/stable/c/9e719ae3abad60e245ce248ba3f08148f375a614
- https://git.kernel.org/stable/c/29a18d56bd64b95bd10bda4afda512558471382a
- https://git.kernel.org/stable/c/62e007bdeb91c6879a4652c3426aef1cd9d2937b
- https://git.kernel.org/stable/c/60d62757df30b74bf397a2847a6db7385c6ee281
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/3c4771091ea8016c8601399078916f722dd8833b
- https://git.kernel.org/stable/c/f777792952d03bbaf8329fdfa99393a5a33e2640
- https://git.kernel.org/stable/c/9e719ae3abad60e245ce248ba3f08148f375a614
- https://git.kernel.org/stable/c/29a18d56bd64b95bd10bda4afda512558471382a
- https://git.kernel.org/stable/c/62e007bdeb91c6879a4652c3426aef1cd9d2937b
- https://git.kernel.org/stable/c/60d62757df30b74bf397a2847a6db7385c6ee281
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.