CVE-2024-50235

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.61

Description The issue is related to the cfg80211 unregister wdev() function in the Linux kernel's net/wireless/core.c module, which is associated with a double-free vulnerability. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs when the wdev->cqm config pointer is not cleared after being freed during the unregistering process, potentially leading to a double-free error if the same wdev/netdev is re-registered in another network namespace and then destroyed later.

Recommendations For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider disabling the cfg80211 module until a patch is available. Restrict access to the wdev->cqm config pointer to minimize the risk of exploitation. Avoid using the wdev->cqm config pointer in the affected code path until the issue is resolved.