CVE-2024-26779

wifi: mac80211: fix race condition on enabling fast-xmit

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver,
otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
to the driver, leading to potential crashes because of uninitialized drv_priv
data.
Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: corrige la condición de ejecución al habilitar fast-xmit fast-xmit solo debe habilitarse después de que el sta se haya cargado en el controlador; de lo contrario, podría terminar pasando el error sta aún cargada a través de llamadas drv_tx al controlador, lo que genera posibles fallas debido a datos drv_priv no inicializados. Agregue una estación faltante->comprobación cargada y vuelva a verificar la transmisión rápida después de insertar una estación.

A vulnerability was found in the mac80211 driver in the Linux kernel. This issue could lead to potential crashes or memory corruption due to of a situation where the driver attempts to utilize data structures that haven't been fully initialized yet.

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential crashes because of uninitialized drv_priv data. Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-03 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (12)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587	2024-03-01
https://git.kernel.org/stable/c/85720b69aef177318f4a18efbcc4302228a340e5	2024-03-01
https://git.kernel.org/stable/c/5ffab99e070b9f8ae0cf60c3c3602b84eee818dd	2024-03-01
https://git.kernel.org/stable/c/88c18fd06608b3adee547102505d715f21075c9d	2024-03-01
https://git.kernel.org/stable/c/eb39bb548bf974acad7bd6780fe11f9e6652d696	2024-03-01
https://git.kernel.org/stable/c/54b79d8786964e2f840e8a2ec4a9f9a50f3d4954	2024-03-01
https://git.kernel.org/stable/c/281280276b70c822f55ce15b661f6d1d3228aaa9	2024-03-01
https://git.kernel.org/stable/c/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f	2024-01-18

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26779	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2273223	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.308 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.308"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.270 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.270"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.211 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.211"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.150 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.150"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.1.80 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.6.19 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.7.7 Search vendor "Linux" for product "Linux Kernel" and version " < 6.7.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 6.8 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8"		en		Affected