CVE-2024-53055

wifi: iwlwifi: mvm: fix 6 GHz scan construction

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: fix 6 GHz scan construction

If more than 255 colocated APs exist for the set of all
APs found during 2.4/5 GHz scanning, then the 6 GHz scan
construction will loop forever since the loop variable
has type u8, which can never reach the number found when
that's bigger than 255, and is stored in a u32 variable.
Also move it into the loops to have a smaller scope.

Using a u32 there is fine, we limit the number of APs in
the scan list and each has a limit on the number of RNR
entries due to the frame size. With a limit of 1000 scan
results, a frame size upper bound of 4096 (really it's
more like ~2300) and a TBTT entry size of at least 11,
we get an upper bound for the number of ~372k, well in
the bounds of a u32.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-11-19 CVE Published
2024-11-19 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/eae94cf82d7456b57fa9fd55c1edb8a726dcc19c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/2ac15e5a8f42fed5d90ed9e1197600913678c50f	2024-11-08
https://git.kernel.org/stable/c/cde8a7eb5c6762264ff0f4433358e0a0d250c875	2024-11-08
https://git.kernel.org/stable/c/fc621e7a043de346c33bd7ae7e2e0c651d6152ef	2024-11-08
https://git.kernel.org/stable/c/2ccd5badadab2d586e91546bf5af3deda07fef1f	2024-11-08
https://git.kernel.org/stable/c/7245012f0f496162dd95d888ed2ceb5a35170f1a	2024-10-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.15.171 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.15.171"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.1.116 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.1.116"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.6.60 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.6.60"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.11.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.11.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 6.12"		en		Affected