CVE-2024-26694

wifi: iwlwifi: fix double-free bug

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: fix double-free bug

The storage for the TLV PC register data wasn't done like all
the other storage in the drv->fw area, which is cleared at the
end of deallocation. Therefore, the freeing must also be done
differently, explicitly NULL'ing it out after the free, since
otherwise there's a nasty double-free bug here if a file fails
to load after this has been parsed, and we get another free
later (e.g. because no other file exists.) Fix that by adding
the missing NULL assignment.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: iwlwifi: corrige el error de doble liberación El almacenamiento de los datos de registro de PC TLV no se realizó como el resto del almacenamiento en el área drv->fw, que se borra en el fin de la desasignación. Por lo tanto, la liberación también debe realizarse de manera diferente, anulándolo explícitamente después de la liberación, ya que de lo contrario hay un desagradable error de doble liberación aquí si un archivo no se carga después de haber sido analizado y obtenemos otra liberación más tarde (por ejemplo porque no existe ningún otro archivo). Solucione el problema agregando la asignación NULL que falta.

A vulnerability was found in the Linux kernel's iwlwifi driver, where the TLV PC register data being freed is not properly marked as NULL afterwards, resulting in a double-free issue. This could lead to memory corruption or crashes.

*Credits: N/A

CVSS Scores

Red Hatv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-03 CVE Published
2024-04-04 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-415: Double Free

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/5e31b3df86ec6fbb925eee77fe2c450099c61dff	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ab9d4bb9a1892439b3123fc52b19e32b9cdf80ad	2024-02-23
https://git.kernel.org/stable/c/d24eb9a27bea8fe5237fa71be274391d9d51eff2	2024-02-23
https://git.kernel.org/stable/c/353d321f63f7dbfc9ef58498cc732c9fe886a596	2024-01-26

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26694	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2273092	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.6.18"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.7.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.4 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.8"		en		Affected