5.5

CVE-2024-35912

wifi: iwlwifi: mvm: rfi: fix potential response leaks

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: rfi: fix potential response leaks

If the rx payload length check fails, or if kmemdup() fails,
we still need to free the command response. Fix that.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.12 < 5.15.154
LinuxLinux Kernel Version >= 5.16 < 6.1.85
LinuxLinux Kernel Version >= 6.2 < 6.6.26
LinuxLinux Kernel Version >= 6.7 < 6.8.5
LinuxLinux Kernel Version6.9 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.11
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/06a093807eb7b5c5b29b6cff49f8174a4e702341
Patch
https://git.kernel.org/stable/c/28db0ae86cb91a4ab0e855cff779daead936b7d5
Patch
https://git.kernel.org/stable/c/99a75d75007421d8e08ba139e24f77395cd08f62
Patch
https://git.kernel.org/stable/c/c0a40f2f8eba07416f695ffe2011bf3f8b0b6dc8
Patch
https://git.kernel.org/stable/c/f7f0e784894dfcb265f0f9fa499103b0ca7eabde
Patch