CVE-2024-57997

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: wcn36xx: fix channel survey memory allocation size

KASAN reported a memory allocation issue in wcn->chan_survey due to incorrect size calculation. This commit uses kcalloc to allocate memory for wcn->chan_survey, ensuring proper initialization and preventing the use of uninitialized values when there are no frames on the channel.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux29696e0aa413b9d56558731aae3806d7cff48d36 < ae68efdff7a7a42ab251cac79d8713de6f0dbaa0affected
LinuxLinux29696e0aa413b9d56558731aae3806d7cff48d36 < e95f9c408ff8311f75eeabc8acf34a66670d8815affected
LinuxLinux29696e0aa413b9d56558731aae3806d7cff48d36 < 64c4dcaeac1dc1030e47883b04a617ca9a4f164eaffected
LinuxLinux29696e0aa413b9d56558731aae3806d7cff48d36 < 34cd2817708aec51ef1a6c007e0d6d5342a025d7affected
LinuxLinux29696e0aa413b9d56558731aae3806d7cff48d36 < 6200d947f050efdba4090dfefd8a01981363d954affected
LinuxLinux5.18affected
LinuxLinux0 < 5.18unaffected
LinuxLinux6.1.129 <= 6.1.*unaffected
LinuxLinux6.6.76 <= 6.6.*unaffected
LinuxLinux6.12.13 <= 6.12.*unaffected
LinuxLinux6.13.2 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References