CVE-2024-35937
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
19/05/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
wifi: cfg80211: check A-MSDU format more carefully<br />
<br />
If it looks like there&#39;s another subframe in the A-MSDU<br />
but the header isn&#39;t fully there, we can end up reading<br />
data out of bounds, only to discard later. Make this a<br />
bit more careful and check if the subframe header can<br />
even be present.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.27 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.8.6 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544
- https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9
- https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc
- https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e
- https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544
- https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9
- https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html