PT-2024-21470 · Linux+7 · Linux Kernel+7

Emmanuel Grumbach

·

Published

2024-04-03

·

Updated

2025-09-29

·

CVE-2024-26693

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A DoS tool that injects loads of authentication frames can cause the AP to crash. The iwl mvm is dup() function couldn't find the per-queue dup data which was not allocated. The root cause is that the firmware ran out of stations and didn't return an error to mac80211. This allowed ieee80211 find sta by ifaddr() to return a valid station object, but the ieee80211 sta didn't have any iwl mvm sta object initialized, causing a crash when receiving data on that station.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALSA-2024:3618
ALSA-2024:3627
ALSA-2025_16880
CESA-2024_3618
CESA-2024_3627
CVE-2024-26693
INFSA-2024_3618
INFSA-2024_3627
RHSA-2024:3618
RHSA-2024:3627
RHSA-2024_3618
RHSA-2024_3627
RLSA-2024:3618
RLSA-2024:3627
USN-6895-1
USN-6895-2
USN-6895-3
USN-6895-4
USN-6900-1

Affected Products

Almalinux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Ubuntu