SecuriTricks - CVE-2024-50235

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear wdev->cqm_config pointer on free When we free wdev->cqm_config when unregistering, we also need to clear out the pointer since the same wdev/netdev may get re-registered in another network namespace, then destroyed later, running this code again, which results in a double-free.

Product(s) Impacted

Vendor	Product	Versions
Linux	Linux Kernel	*, 6.12

Weaknesses

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

*CPE(s)

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc1	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc2	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc3	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc4	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc5	/	/	/	/	/	/

References

https://git.kernel.org/stable/c/64e4c45d23cd7f6167f69cc2d2877bc7f54292e5

https://git.kernel.org/stable/c/6c44abb2d4c3262737d5d67832daebc8cf48b8c9

https://git.kernel.org/stable/c/ba392e1355ba74b1d4fa11b85f71ab6ed7ecc058

https://git.kernel.org/stable/c/d5fee261dfd9e17b08b1df8471ac5d5736070917

CVSS Score

7.8 / 10

CVSS Data

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Date

Published: Nov. 9, 2024, 11:15 a.m.
Last Modified: Nov. 14, 2024, 2:26 a.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE-2024-50235