CVE-2024-26610

wifi: iwlwifi: fix a memory corruption

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: fix a memory corruption

iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that
if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in
bytes, we'll write past the buffer.

En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: corrige una corrupción de memoria iwl_fw_ini_trigger_tlv::data es un puntero a un __le32, lo que significa que si copiamos a iwl_fw_ini_trigger_tlv::data + offset mientras el offset está en bytes, escribiremos más allá del búfer.

A memory corruption flaw was found in the Linux kernel Intel Wireless WiFi Next Gen AGN module. This issue could allow a local user to crash the system.

*Credits: N/A

CVSS Scores

Red Hatv3.1 6.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-02-29 CVE Published
2024-03-01 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-680: Integer Overflow to Buffer Overflow

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/cf29c5b66b9f83939367d90679eb68cdfa2f0356	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a	2024-02-23
https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd	2024-02-23
https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32	2024-02-01
https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b	2024-02-01
https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67	2024-02-01
https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d	2024-01-18

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26610	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2269213	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.210"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.1.76 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.1.76"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.6.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.6.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.7.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.7.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 6.8"		en		Affected