1. Home
  2. Vulnerabilities
  3. CVE-2024-38562

CVE-2024-38562

CVSS v3.1 7.8 (High)
78% Progress
EPSS 0.04 % (5th)
0.04% Progress
Affected Products 1
Advisories 8
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In the Linux kernel, the following vulnerability has been resolved:

wifi: nl80211: Avoid address calculations via out of bounds array indexing

Before request->channels[] can be used, request->n_channels must be set.
Additionally, address calculations for memory after the "channels" array
need to be calculated from the allocation base ("request") rather than
via the first "out of bounds" index of "channels", otherwise run-time
bounds checking will throw a warning.

Weaknesses
CWE-129
Improper Validation of Array Index
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
kernel.org
Published Date
2024-06-19 14:15:16
(2 months ago)
Updated Date
2024-08-30 12:47:20
(2 weeks ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 6.6 version and prior 6.6.33 version cpe:2.3:o:linux:linux_kernel >= 6.6 < 6.6.33
  Linux Kernel from 6.7 version and prior 6.8.12 version cpe:2.3:o:linux:linux_kernel >= 6.7 < 6.8.12
  Linux Kernel from 6.9 version and prior 6.9.3 version cpe:2.3:o:linux:linux_kernel >= 6.9 < 6.9.3