CVE-2024-38562

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used, request->n_channels must be set. Additionally, address calculations for memory after the "channels" array need to be calculated from the allocation base ("request") rather than via the first "out of bounds" index of "channels", otherwise run-time bounds checking will throw a warning.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

30 Aug 2024, 12:47

Type Values Removed Values Added
CWE CWE-129
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Linux
References () https://git.kernel.org/stable/c/4e2a5566462b53db7d4c4722da86eedf0b8f546c - () https://git.kernel.org/stable/c/4e2a5566462b53db7d4c4722da86eedf0b8f546c - Patch
References () https://git.kernel.org/stable/c/838c7b8f1f278404d9d684c34a8cb26dc41aaaa1 - () https://git.kernel.org/stable/c/838c7b8f1f278404d9d684c34a8cb26dc41aaaa1 - Patch
References () https://git.kernel.org/stable/c/8fa4d56564ee7cc2ee348258d88efe191d70dd7f - () https://git.kernel.org/stable/c/8fa4d56564ee7cc2ee348258d88efe191d70dd7f - Patch
References () https://git.kernel.org/stable/c/ed74398642fcb19f6ff385c35a7d512c6663e17b - () https://git.kernel.org/stable/c/ed74398642fcb19f6ff385c35a7d512c6663e17b - Patch
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

20 Jun 2024, 12:44

Type Values Removed Values Added
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: evitar cálculos de direcciones mediante indexación de matrices fuera de los límites Antes de poder utilizar request->channels[], se debe configurar request->n_channels. Además, los cálculos de direcciones para la memoria después de la matriz de "canales" deben calcularse a partir de la base de asignación ("solicitud") en lugar de mediante el primer índice "fuera de los límites" de "canales"; de lo contrario, la verificación de los límites en tiempo de ejecución arrojará un advertencia.

19 Jun 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-19 14:15

Updated : 2024-10-30 20:35


NVD link : CVE-2024-38562

Mitre link : CVE-2024-38562

CVE.ORG link : CVE-2024-38562


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-129

Improper Validation of Array Index