CVE-2024-53059

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

  1. The size of the response packet is not validated.
  2. The response buffer is not freed.

Resolve these issues by switching to iwl_mvm_send_cmd_status(), which handles both size validation and frees the buffer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf130bb75d8817c560b48c4d1a0e5279968a0859d < 9c98ee7ea463a838235e7a0e35851b38476364f2affected
LinuxLinuxf130bb75d8817c560b48c4d1a0e5279968a0859d < 45a628911d3c68e024eed337054a0452b064f450affected
LinuxLinuxf130bb75d8817c560b48c4d1a0e5279968a0859d < 3f45d590ccbae6dfd6faef54efe74c30bd85d3daaffected
LinuxLinuxf130bb75d8817c560b48c4d1a0e5279968a0859d < 64d63557ded6ff3ce72b18ab87a6c4b1b652161caffected
LinuxLinuxf130bb75d8817c560b48c4d1a0e5279968a0859d < 3eb986c64c6bfb721950f9666a3b723cf65d043faffected
LinuxLinuxf130bb75d8817c560b48c4d1a0e5279968a0859d < 9480c3045f302f43f9910d2d556d6cf5a62c1822affected
LinuxLinuxf130bb75d8817c560b48c4d1a0e5279968a0859d < 07a6e3b78a65f4b2796a8d0d4adb1a15a81edeadaffected
LinuxLinux5.1affected
LinuxLinux0 < 5.1unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.229 <= 5.10.*unaffected
LinuxLinux5.15.171 <= 5.15.*unaffected
LinuxLinux6.1.116 <= 6.1.*unaffected
LinuxLinux6.6.60 <= 6.6.*unaffected
LinuxLinux6.11.7 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

Additional References

References