CVE-2024-27434

wifi: iwlwifi: mvm: don't set the MFP flag for the GTK

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: don't set the MFP flag for the GTK

The firmware doesn't need the MFP flag for the GTK, it can even make the
firmware crash. in case the AP is configured with: group cipher TKIP and
MFPC. We would send the GTK with cipher = TKIP and MFP which is of course
not possible.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: no configure el indicador MFP para GTK El firmware no necesita el indicador MFP para GTK, incluso puede provocar que el firmware falle. en caso de que el AP esté configurado con: cifrado de grupo TKIP y MFPC. Enviaríamos el GTK con cifrado = TKIP y MFP, lo cual, por supuesto, no es posible.

CVE-2024-27434 is a flaw in the Linux kernel’s iwlwifi driver related to handling Management Frame Protection (MFP) in certain Wi-Fi configurations. When connecting to an access point using TKIP as the group cipher, the driver incorrectly applies the MFP flag to the Group Temporal Key (GTK), which is not supported in this context. This can result in firmware crashes and instability. The issue has been fixed by ensuring the driver does not set the MFP flag for incompatible group ciphers like TKIP. Updating to a patched kernel version is recommended to resolve this vulnerability.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-05-17 CVE Published
2024-05-18 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/5c75a208c2449c6ea24f07610cc052f6a352246c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8	2024-03-26
https://git.kernel.org/stable/c/40405cbb20eb6541c603e7b3d54ade0a7be9d715	2024-03-26
https://git.kernel.org/stable/c/60f6d5fc84a9fd26528a24d8a267fc6a6698b628	2024-03-26
https://git.kernel.org/stable/c/e35f316bce9e5733c9826120c1838f4c447b2c4c	2024-02-08

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-27434	2024-08-15
https://bugzilla.redhat.com/show_bug.cgi?id=2281133	2024-08-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.6.23 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.6.23"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.7.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.7.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.8.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.8.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.2 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.2 < 6.9"		en		Affected