{"vulnerability": "CVE-2024-43911", "sightings": [{"uuid": "2470ffdc-bb9e-428f-8edb-61acc2cd8118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-43911", "type": "seen", "source": "https://t.me/cvedetector/4110", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-43911 - Qualcomm Wi-Fi NULL Pointer Dereference\", \n  \"Content\": \"CVE ID : CVE-2024-43911 \nPublished : Aug. 26, 2024, 11:15 a.m. | 21\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nwifi: mac80211: fix NULL dereference at band check in starting tx ba session  \n  \nIn MLD connection, link_data/link_conf are dynamically allocated. They  \ndon't point to vif->bss_conf. So, there will be no chanreq assigned to  \nvif->bss_conf and then the chan will be NULL. Tweak the code to check  \nht_supported/vht_supported/has_he/has_eht on sta deflink.  \n  \nCrash log (with rtw89 version under MLO development):  \n[ 9890.526087] BUG: kernel NULL pointer dereference, address: 0000000000000000  \n[ 9890.526102] #PF: supervisor read access in kernel mode  \n[ 9890.526105] #PF: error_code(0x0000) - not-present page  \n[ 9890.526109] PGD 0 P4D 0  \n[ 9890.526114] Oops: 0000 [#1] PREEMPT SMP PTI  \n[ 9890.526119] CPU: 2 PID: 6367 Comm: kworker/u16:2 Kdump: loaded Tainted: G           OE      6.9.0 #1  \n[ 9890.526123] Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB3WW (2.73 ) 11/28/2018  \n[ 9890.526126] Workqueue: phy2 rtw89_core_ba_work [rtw89_core]  \n[ 9890.526203] RIP: 0010:ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211  \n[ 9890.526279] Code: f7 e8 d5 93 3e ea 48 83 c4 28 89 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 49 8b 84 24 e0 f1 ff ff 48 8b 80 90 1b 00 00  38 03 0f 84 37 fe ff ff bb ea ff ff ff eb cc 49 8b 84 24 10 f3  \nAll code  \n========  \n   0: f7 e8                 imul   %eax  \n   2: d5                    (bad)  \n   3: 93                    xchg   %eax,%ebx  \n   4: 3e ea                 ds (bad)  \n   6: 48 83 c4 28           add    $0x28,%rsp  \n   a: 89 d8                 mov    %ebx,%eax  \n   c: 5b                    pop    %rbx  \n   d: 41 5c                 pop    %r12  \n   f: 41 5d                 pop    %r13  \n  11: 41 5e                 pop    %r14  \n  13: 41 5f                 pop    %r15  \n  15: 5d                    pop    %rbp  \n  16: c3                    retq  \n  17: cc                    int3  \n  18: cc                    int3  \n  19: cc                    int3  \n  1a: cc                    int3  \n  1b: 49 8b 84 24 e0 f1 ff  mov    -0xe20(%r12),%rax  \n  22: ff  \n  23: 48 8b 80 90 1b 00 00  mov    0x1b90(%rax),%rax  \n  2a:* 83 38 03              cmpl   $0x3,(%rax)    \n[ 9890.526327] ? show_regs (arch/x86/kernel/dumpstack.c:479)  \n[ 9890.526335] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)  \n[ 9890.526340] ? page_fault_oops (arch/x86/mm/fault.c:713)  \n[ 9890.526347] ? search_module_extables (kernel/module/main.c:3256 (discriminator  \n---truncated--- \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-26T13:42:34.000000Z"}, {"uuid": "f3d00231-b547-4eaf-a6ff-447cea161f9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-43911", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}]}