CVE-2024-50008
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()
Replace one-element array with a flexible-array member in
struct host_cmd_ds_802_11_scan_ext.
With this, fix the following warning:
elo 16 17:51:58 surfacebook kernel: ————[ cut here ]———— elo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1) elo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 21f58d200388480547df909b5464b5aafebf299d < b55c8848fdc81514ec047b2a0ec782ffe9ab5323 | affected |
| Linux | Linux | 21f58d200388480547df909b5464b5aafebf299d < f9310a6704bf52e2493480edea896e1f9b795d40 | affected |
| Linux | Linux | 21f58d200388480547df909b5464b5aafebf299d < 1756918f51e9ab247a0f4782cc28853c2bb457c1 | affected |
| Linux | Linux | 21f58d200388480547df909b5464b5aafebf299d < e59bdb1ba594104cd0ee0af3ee9e4435d842a8fe | affected |
| Linux | Linux | 21f58d200388480547df909b5464b5aafebf299d < 17199b69a84798efffc475040fbef44374ef1de1 | affected |
| Linux | Linux | 21f58d200388480547df909b5464b5aafebf299d < fef7b51f22cf2049b0ca6740adeb0ba6f2e671dc | affected |
| Linux | Linux | 21f58d200388480547df909b5464b5aafebf299d < 71267bd4e8c752d7af6c6b96bb83984a6a95273d | affected |
| Linux | Linux | 21f58d200388480547df909b5464b5aafebf299d < a3a12c30f9510f3753286fadbc6cdb7dad78c1d5 | affected |
| Linux | Linux | 21f58d200388480547df909b5464b5aafebf299d < 498365e52bebcbc36a93279fe7e9d6aec8479cee | affected |
| Linux | Linux | 3.15 | affected |
| Linux | Linux | 0 < 3.15 | unaffected |
| Linux | Linux | 4.19.323 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.285 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.227 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.168 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.113 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.55 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.14 <= 6.10.* | unaffected |
| Linux | Linux | 6.11.3 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-355557.html
References
- https://git.kernel.org/stable/c/b55c8848fdc81514ec047b2a0ec782ffe9ab5323
- https://git.kernel.org/stable/c/f9310a6704bf52e2493480edea896e1f9b795d40
- https://git.kernel.org/stable/c/1756918f51e9ab247a0f4782cc28853c2bb457c1
- https://git.kernel.org/stable/c/e59bdb1ba594104cd0ee0af3ee9e4435d842a8fe
- https://git.kernel.org/stable/c/17199b69a84798efffc475040fbef44374ef1de1
- https://git.kernel.org/stable/c/fef7b51f22cf2049b0ca6740adeb0ba6f2e671dc
- https://git.kernel.org/stable/c/71267bd4e8c752d7af6c6b96bb83984a6a95273d
- https://git.kernel.org/stable/c/a3a12c30f9510f3753286fadbc6cdb7dad78c1d5
- https://git.kernel.org/stable/c/498365e52bebcbc36a93279fe7e9d6aec8479cee
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.