CVE-2024-27410

wifi: nl80211: reject iftype change with mesh ID change

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

wifi: nl80211: reject iftype change with mesh ID change

It's currently possible to change the mesh ID when the
interface isn't yet in mesh mode, at the same time as
changing it into mesh mode. This leads to an overwrite
of data in the wdev->u union for the interface type it
currently has, causing cfg80211_change_iface() to do
wrong things when switching.

We could probably allow setting an interface to mesh
while setting the mesh ID at the same time by doing a
different order of operations here, but realistically
there's no userspace that's going to do this, so just
disallow changes in iftype when setting mesh ID.

En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: rechazar cambio de tipo con cambio de ID de malla Actualmente es posible cambiar el ID de malla cuando la interfaz aún no está en modo malla, al mismo tiempo que se cambia a modo malla. Esto lleva a una sobrescritura de datos en la unión wdev->u para el tipo de interfaz que tiene actualmente, causando que cfg80211_change_iface() haga cosas incorrectas al cambiar. Probablemente podríamos permitir configurar una interfaz para malla mientras configuramos la ID de malla al mismo tiempo haciendo un orden diferente de operaciones aquí, pero en realidad no hay ningún espacio de usuario que vaya a hacer esto, así que simplemente no permita cambios en iftype al configurar la ID de malla.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-05-17 CVE Published
2024-05-18 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/7b0a0e3c3a88260b6fcb017e49f198463aa62ed1	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d	2024-03-06
https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9	2024-03-06
https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980	2024-03-06
https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995	2024-03-06
https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2	2024-03-06
https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df	2024-03-06
https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838	2024-03-06
https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e	2024-02-15

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-27410	2024-07-08
https://bugzilla.redhat.com/show_bug.cgi?id=2281113	2024-07-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 4.19.309 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 4.19.309"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 5.4.271 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 5.4.271"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 5.10.212 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 5.10.212"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 5.15.151 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 5.15.151"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.1.81 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.81"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.6.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.21"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.7.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.7.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.0 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.8"		en		Affected