CVE-2024-41072

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: wext: add extra SIOCSIWSCAN data check

In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, …)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxb2e3abdc708f8c0eff194af25362fdb239abe241 < b02ba9a0b55b762bd04743a22f3d9f9645005e79affected
LinuxLinuxb2e3abdc708f8c0eff194af25362fdb239abe241 < de5fcf757e33596eed32de170ce5a93fa44dd2acaffected
LinuxLinuxb2e3abdc708f8c0eff194af25362fdb239abe241 < 6295bad58f988eaafcf0e6f8b198a580398acb3baffected
LinuxLinuxb2e3abdc708f8c0eff194af25362fdb239abe241 < a43cc0558530b6c065976b6b9246f512f8d3593baffected
LinuxLinuxb2e3abdc708f8c0eff194af25362fdb239abe241 < 001120ff0c9e3557dee9b5ee0d358e0fc189996faffected
LinuxLinuxb2e3abdc708f8c0eff194af25362fdb239abe241 < fe9644efd86704afe50e56b64b609de340ab7c95affected
LinuxLinuxb2e3abdc708f8c0eff194af25362fdb239abe241 < 35cee10ccaee5bd451a480521bbc25dc9f07fa5baffected
LinuxLinuxb2e3abdc708f8c0eff194af25362fdb239abe241 < 6ef09cdc5ba0f93826c09d810c141a8d103a80fcaffected
LinuxLinux2.6.32affected
LinuxLinux0 < 2.6.32unaffected
LinuxLinux4.19.319 <= 4.19.*unaffected
LinuxLinux5.4.281 <= 5.4.*unaffected
LinuxLinux5.10.223 <= 5.10.*unaffected
LinuxLinux5.15.164 <= 5.15.*unaffected
LinuxLinux6.1.101 <= 6.1.*unaffected
LinuxLinux6.6.42 <= 6.6.*unaffected
LinuxLinux6.9.11 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References