cve-2024-53055
Vulnerability from cvelistv5
Published
2024-11-19 17:19
Modified
2024-11-19 17:19
Severity ?
EPSS score ?
Summary
wifi: iwlwifi: mvm: fix 6 GHz scan construction
References
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/wireless/intel/iwlwifi/mvm/scan.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2ac15e5a8f42", "status": "affected", "version": "eae94cf82d74", "versionType": "git" }, { "lessThan": "cde8a7eb5c67", "status": "affected", "version": "eae94cf82d74", "versionType": "git" }, { "lessThan": "fc621e7a043d", "status": "affected", "version": "eae94cf82d74", "versionType": "git" }, { "lessThan": "2ccd5badadab", "status": "affected", "version": "eae94cf82d74", "versionType": "git" }, { "lessThan": "7245012f0f49", "status": "affected", "version": "eae94cf82d74", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/wireless/intel/iwlwifi/mvm/scan.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.11" }, { "lessThan": "5.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.171", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.116", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.60", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix 6 GHz scan construction\n\nIf more than 255 colocated APs exist for the set of all\nAPs found during 2.4/5 GHz scanning, then the 6 GHz scan\nconstruction will loop forever since the loop variable\nhas type u8, which can never reach the number found when\nthat\u0027s bigger than 255, and is stored in a u32 variable.\nAlso move it into the loops to have a smaller scope.\n\nUsing a u32 there is fine, we limit the number of APs in\nthe scan list and each has a limit on the number of RNR\nentries due to the frame size. With a limit of 1000 scan\nresults, a frame size upper bound of 4096 (really it\u0027s\nmore like ~2300) and a TBTT entry size of at least 11,\nwe get an upper bound for the number of ~372k, well in\nthe bounds of a u32." } ], "providerMetadata": { "dateUpdated": "2024-11-19T17:19:39.037Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2ac15e5a8f42fed5d90ed9e1197600913678c50f" }, { "url": "https://git.kernel.org/stable/c/cde8a7eb5c6762264ff0f4433358e0a0d250c875" }, { "url": "https://git.kernel.org/stable/c/fc621e7a043de346c33bd7ae7e2e0c651d6152ef" }, { "url": "https://git.kernel.org/stable/c/2ccd5badadab2d586e91546bf5af3deda07fef1f" }, { "url": "https://git.kernel.org/stable/c/7245012f0f496162dd95d888ed2ceb5a35170f1a" } ], "title": "wifi: iwlwifi: mvm: fix 6 GHz scan construction", "x_generator": { "engine": "bippy-8e903de6a542" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-53055", "datePublished": "2024-11-19T17:19:39.037Z", "dateReserved": "2024-11-19T17:17:24.974Z", "dateUpdated": "2024-11-19T17:19:39.037Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-53055\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-11-19T18:15:25.563\",\"lastModified\":\"2024-11-22T17:18:33.563\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: iwlwifi: mvm: fix 6 GHz scan construction\\n\\nIf more than 255 colocated APs exist for the set of all\\nAPs found during 2.4/5 GHz scanning, then the 6 GHz scan\\nconstruction will loop forever since the loop variable\\nhas type u8, which can never reach the number found when\\nthat\u0027s bigger than 255, and is stored in a u32 variable.\\nAlso move it into the loops to have a smaller scope.\\n\\nUsing a u32 there is fine, we limit the number of APs in\\nthe scan list and each has a limit on the number of RNR\\nentries due to the frame size. With a limit of 1000 scan\\nresults, a frame size upper bound of 4096 (really it\u0027s\\nmore like ~2300) and a TBTT entry size of at least 11,\\nwe get an upper bound for the number of ~372k, well in\\nthe bounds of a u32.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: fix 6 GHz scan construction Si existen m\u00e1s de 255 APs coubicados para el conjunto de todos los APs encontrados durante el escaneo de 2.4/5 GHz, entonces la construcci\u00f3n del escaneo de 6 GHz se repetir\u00e1 eternamente ya que la variable de bucle tiene tipo u8, que nunca puede alcanzar el n\u00famero encontrado cuando es mayor a 255, y se almacena en una variable u32. Tambi\u00e9n mu\u00e9valo a los bucles para tener un alcance menor. Usar un u32 est\u00e1 bien, limitamos el n\u00famero de APs en la lista de escaneo y cada uno tiene un l\u00edmite en el n\u00famero de entradas RNR debido al tama\u00f1o del marco. Con un l\u00edmite de 1000 resultados de escaneo, un l\u00edmite superior de tama\u00f1o de marco de 4096 (realmente es m\u00e1s como ~2300) y un tama\u00f1o de entrada TBTT de al menos 11, obtenemos un l\u00edmite superior para el n\u00famero de ~372k, bien en los l\u00edmites de un u32.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.171\",\"matchCriteriaId\":\"2BE18665-48ED-417A-90AA-41F3AC0B4E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.116\",\"matchCriteriaId\":\"43EFDC15-E4D4-4F1E-B70D-62F0854BFDF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.60\",\"matchCriteriaId\":\"75088E5E-2400-4D20-915F-7A65C55D9CCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.7\",\"matchCriteriaId\":\"E96F53A4-5E87-4A70-BD9A-BC327828D57F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F717D8-3014-4F84-8086-0124B2111379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DBE6C7-2AAE-4818-AED2-E131F153D2FA\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2ac15e5a8f42fed5d90ed9e1197600913678c50f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2ccd5badadab2d586e91546bf5af3deda07fef1f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7245012f0f496162dd95d888ed2ceb5a35170f1a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cde8a7eb5c6762264ff0f4433358e0a0d250c875\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fc621e7a043de346c33bd7ae7e2e0c651d6152ef\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.