In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: Avoid address calculations via out of bounds array indexing
req->n_channels must be set before req->channels[] can be used.
This patch fixes one of the issues encountered in [1].
[ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4
[ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]'
[...]
[ 83.964264] Call Trace:
[ 83.964267] <TASK>
[ 83.964269] dump_stack_lvl+0x3f/0xc0
[ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110
[ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0
[ 83.964281] __ieee80211_start_scan+0x601/0x990
[ 83.964291] nl80211_trigger_scan+0x874/0x980
[ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160
[ 83.964298] genl_rcv_msg+0x240/0x270
[...]
[1] https://bugzilla.kernel.org/show_bug.cgi?id=218810
References
Configurations
History
21 Nov 2024, 09:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/2663d0462eb32ae7c9b035300ab6b1523886c718 - Patch | |
References | () https://git.kernel.org/stable/c/4f43a614b1b84f0d1e3c48cc541c3bfdf414a6d0 - Patch |
17 Oct 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Aug 2024, 14:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
Summary |
|
|
First Time |
Linux
Linux linux Kernel |
|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
References | () https://git.kernel.org/stable/c/2663d0462eb32ae7c9b035300ab6b1523886c718 - Patch | |
References | () https://git.kernel.org/stable/c/4f43a614b1b84f0d1e3c48cc541c3bfdf414a6d0 - Patch | |
CWE | CWE-129 |
29 Jul 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-29 15:15
Updated : 2024-11-21 09:32
NVD link : CVE-2024-41071
Mitre link : CVE-2024-41071
CVE.ORG link : CVE-2024-41071
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-129
Improper Validation of Array Index