CVE-2024-36921

Published: May 30, 2024Modified: Mar 1, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: guard against invalid STA ID on removal Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would result in out-of-bounds array accesses. This prevents issues should the driver get into a bad state during error handling.

Affected (3)

Products: Linux: Linux Kernel

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 6.6.31
Linux Linux Kernel	From 6.7 to 6.8.10
Linux Linux Kernel	Version 6.9 rc1

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (6)

https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.