CVE-2024-36921

EPSS 0.01%
Published 30.05.2024 16:15:15
Last modified 01.03.2025 02:33:14
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: guard against invalid STA ID on removal

Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would
result in out-of-bounds array accesses. This prevents issues should the
driver get into a bad state during error handling.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 6.6.31

Linux ≫ Linux Kernel Version >= 6.7 < 6.8.10

Linux ≫ Linux Kernel Version6.9 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.012

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f

Patch

https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294

Patch

https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-36921

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36921

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36921

EUVD