CVE-2024-56539
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
Replace one-element array with a flexible-array member in struct mwifiex_ie_types_wildcard_ssid_params to fix the following warning
on a MT8173 Chromebook (mt8173-elm-hana):
[ 356.775250] ————[ cut here ]———— [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1) [ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]
The "(size 6)" above is exactly the length of the SSID of the network this device was connected to. The source of the warning looks like:
ssid_len = user_scan_in->ssid_list[i].ssid_len;
[...]
memcpy(wildcard_ssid_tlv->ssid,
user_scan_in->ssid_list[i].ssid, ssid_len);
There is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this struct, but it already didn't account for the size of the one-element array, so it doesn't need to be changed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e < a09760c513ae0f98c7082a1deace7fb6284ee866 | affected |
| Linux | Linux | 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e < 1de0ca1d7320a645ba2ee5954f64be08935b002a | affected |
| Linux | Linux | 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e < 5fa329c44e1e635da2541eab28b6cdb8464fc8d1 | affected |
| Linux | Linux | 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e < 581261b2d6fdb4237b24fa13f5a5f87bf2861f2c | affected |
| Linux | Linux | 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e < b466746cfb6be43f9a1457bbee52ade397fb23ea | affected |
| Linux | Linux | 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e < c4698ef8c42e02782604bf4f8a489dbf6b0c1365 | affected |
| Linux | Linux | 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e < e2de22e4b6213371d9e76f74a10ce817572a8d74 | affected |
| Linux | Linux | 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e < d7774910c5583e61c5fe2571280366624ef48036 | affected |
| Linux | Linux | 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e < d241a139c2e9f8a479f25c75ebd5391e6a448500 | affected |
| Linux | Linux | 3.0 | affected |
| Linux | Linux | 0 < 3.0 | unaffected |
| Linux | Linux | 4.19.325 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.287 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.231 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.174 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.120 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.64 <= 6.6.* | unaffected |
| Linux | Linux | 6.11.11 <= 6.11.* | unaffected |
| Linux | Linux | 6.12.2 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
References
- https://git.kernel.org/stable/c/a09760c513ae0f98c7082a1deace7fb6284ee866
- https://git.kernel.org/stable/c/1de0ca1d7320a645ba2ee5954f64be08935b002a
- https://git.kernel.org/stable/c/5fa329c44e1e635da2541eab28b6cdb8464fc8d1
- https://git.kernel.org/stable/c/581261b2d6fdb4237b24fa13f5a5f87bf2861f2c
- https://git.kernel.org/stable/c/b466746cfb6be43f9a1457bbee52ade397fb23ea
- https://git.kernel.org/stable/c/c4698ef8c42e02782604bf4f8a489dbf6b0c1365
- https://git.kernel.org/stable/c/e2de22e4b6213371d9e76f74a10ce817572a8d74
- https://git.kernel.org/stable/c/d7774910c5583e61c5fe2571280366624ef48036
- https://git.kernel.org/stable/c/d241a139c2e9f8a479f25c75ebd5391e6a448500
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.