Emmanuel Grumbach

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A DoS tool that injects loads of authentication frames can cause the AP to crash. The `iwl mvm is dup()` function couldn't find the per-queue `dup data` which was not allocated. The root cause is that the firmware ran out of stations and didn't return an error to `mac80211`. This allowed `ieee80211 find sta by ifaddr()` to return a valid station object, but the `ieee80211 sta` didn't have any `iwl mvm sta` object initialized, causing a crash when receiving data on that station. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a memory corruption in the Linux kernel's wifi module, specifically in the iwlwifi driver. The problem occurs when copying data to `iwl fw ini trigger tlv::data` with an offset in bytes, which can cause writing past the buffer. This may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.