7.8

CVE-2024-36921

wifi: iwlwifi: mvm: guard against invalid STA ID on removal

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: guard against invalid STA ID on removal

Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would
result in out-of-bounds array accesses. This prevents issues should the
driver get into a bad state during error handling.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 6.6.31
LinuxLinux Kernel Version >= 6.7 < 6.8.10
LinuxLinux Kernel Version6.9 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.143
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f
Patch
https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294
Patch
https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f
Patch