CVE-2024-49857

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: set the cipher for secured NDP ranging

The cipher pointer is not set, but is derefereced trying to set its content, which leads to a NULL pointer dereference. Fix it by pointing to the cipher parameter before dereferencing.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux626be4bf99f6250cd66da5d311a72ad7455c5a64 < b3322a6d6aa9bc17b395c4b38d3b97578887aa8aaffected
LinuxLinux626be4bf99f6250cd66da5d311a72ad7455c5a64 < a949075d4bbf1ca83ccdeaa6ef4ac2ce7526c5f4affected
LinuxLinux6.11affected
LinuxLinux0 < 6.11unaffected
LinuxLinux6.11.2 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References