CVE-2024-35937Out-of-bounds Read in Linux

CWE-125Out-of-bounds Read14 documents7 sources
Severity
7.1HIGHNVD
OSV6.8
EPSS
0.0%
top 96.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMay 19
Latest updateJul 26

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more careful and check if the subframe header can even be present.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages6 packages

NVDlinux/linux_kernel6.76.8.6+1
Debianlinux/linux_kernel< 6.1.112-1+2
Ubuntulinux/linux_kernel< 6.8.0-38.38
CVEListV5linux/linux966d5c2c22edcc0ab3d519af39f91a29329c979a9eb3bc0973d084423a6df21cf2c74692ff05647e+4
debiandebian/linux< linux 6.1.112-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

6
OSV
linux-oracle vulnerabilities2024-07-26
OSV
linux-aws vulnerabilities2024-07-23
OSV
linux-gke, linux-nvidia vulnerabilities2024-07-16
OSV
linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi vulnerabilities2024-07-11
GHSA
GHSA-45rj-9f26-3gf5: In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's anot2024-05-19

📋Vendor Advisories

6
Ubuntu
Linux kernel vulnerabilities2024-07-26
Ubuntu
Linux kernel vulnerabilities2024-07-23
Ubuntu
Linux kernel vulnerabilities2024-07-16
Ubuntu
Linux kernel vulnerabilities2024-07-11
Red Hat
kernel: wifi: cfg80211: check A-MSDU format more carefully2024-05-19

💬Community

1
Bugzilla
CVE-2024-35937 kernel: wifi: cfg80211: check A-MSDU format more carefully2024-05-20