Daniel Gabay

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `iwl mvm send recovery cmd()` function in the Linux kernel, specifically in the `drivers/net/wireless/intel/iwlwifi/mvm/fw.c` component. The problem arises from the lack of validation of the response packet size and the failure to free the response buffer. This can lead to a denial of service. The `iwl mvm send cmd status()` function is recommended as it handles both size validation and buffer freeing. **Recommendations** To resolve the issue, switch to using the `iwl mvm send cmd status()` function, which properly handles response packet size validation and frees the buffer, thus addressing the identified problems. At the moment, there is no information about a newer version that contains a fix for this vulnerability.