CVE-2024-35789
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the
fast_rx entry still holds a pointer to the VLAN's netdev, which can cause
use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx
after the VLAN change.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: comprobar/borrar fast rx para cambios de VLAN que no sean 4addr sta Al mover una estación fuera de una VLAN y eliminar la VLAN después, la entrada fast_rx todavía contiene un puntero a netdev de la VLAN, lo que puede causar errores de uso después de la liberación. Solucione este problema llamando inmediatamente a ieee80211_check_fast_rx después del cambio de VLAN.
CVE-2024-35789 is a vulnerability in the Linux kernel’s Wi-Fi subsystem (mac80211). It occurs when a station is moved out of a VLAN, and the VLAN is subsequently deleted. A reference to the deleted VLAN’s network device may remain, leading to a use-after-free condition. This can result in system instability or crashes. The issue has been resolved by ensuring that outdated references are cleared when a station changes VLANs.
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change.
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-17 CVE Reserved
- 2024-05-17 CVE Published
- 2024-12-19 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (13)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html |
|
|
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html |
|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-35789 | 2024-09-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2281057 | 2024-09-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 4.19.312 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.312" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.4.274 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.274" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.10.215 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.215" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.15.154 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.154" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.1.84 Search vendor "Linux" for product "Linux Kernel" and version " < 6.1.84" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.6.24 Search vendor "Linux" for product "Linux Kernel" and version " < 6.6.24" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.7.12 Search vendor "Linux" for product "Linux Kernel" and version " < 6.7.12" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.8.3 Search vendor "Linux" for product "Linux Kernel" and version " < 6.8.3" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " < 6.9" | en |
Affected
|