SecuriTricks - CVE-2024-53074

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't leak a link on AP removal Release the link mapping resource in AP removal. This impacted devices that do not support the MLD API (9260 and down). On those devices, we couldn't start the AP again after the AP has been already started and stopped.

Product(s) Impacted

Vendor	Product	Versions
Linux	Linux Kernel	*, 6.12

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-772

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	linux	linux_kernel	/	/	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc1	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc2	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc3	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc4	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc5	/	/	/	/	/	/
o	linux	linux_kernel	6.12	rc6	/	/	/	/	/	/

References

https://git.kernel.org/stable/c/3ed092997a004d68a3a5b0eeb94e71b69839d0f7

https://git.kernel.org/stable/c/70ddf9ce1894c48dbbf10b0de51a95e4fb3dd376

CVSS Score

5.5 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

View Vector String

Timeline

Published: Nov. 19, 2024, 6:15 p.m.
Last Modified: Nov. 25, 2024, 1:51 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVE-2024-53074