CVE-2024-41071

Updated: 2024-09-14 04:51:36.42654

Description:

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Avoid address calculations via out of bounds array indexing req->n_channels must be set before req->channels[] can be used. This patch fixes one of the issues encountered in [1]. [ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4 [ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]' [...] [ 83.964264] Call Trace: [ 83.964267] <TASK> [ 83.964269] dump_stack_lvl+0x3f/0xc0 [ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110 [ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0 [ 83.964281] __ieee80211_start_scan+0x601/0x990 [ 83.964291] nl80211_trigger_scan+0x874/0x980 [ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160 [ 83.964298] genl_rcv_msg+0x240/0x270 [...] [1] https://bugzilla.kernel.org/show_bug.cgi?id=218810


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2024:1728936982 2024-10-14 17:35:10
AlmaLinux 9.2 FIPS kernel 5.14.0 7.8 HIGH In Testing 2024-10-04 17:29:19
CentOS 6 ELS kernel 2.6.32 7.8 HIGH In Rollout CLSA-2024:1728297376 2024-10-07 10:52:08
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2024:1727167500 2024-10-03 15:25:45
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1727690947 2024-09-30 10:50:19
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2024:1727690025 2024-09-30 10:50:19
CentOS Stream 8 ELS kernel 4.18.0 7.8 HIGH In Testing 2024-10-06 17:29:35
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Ignored 2024-10-09 03:46:22
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Needs Triage 2024-09-14 04:47:32
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2024:1728298943 2024-10-07 10:52:07
Total: 13