PT-2024-2303 · Unknown+1 · Inet Wireless Daemon+1

Alex Radocea · Published 2024-03-03 · Updated 2025-01-08 · CVE-2024-28084

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: iNet wireless daemon (IWD) versions 2.15 and earlier
Description: The issue stems from initialization problems in the p2putil.c component of the iNet wireless daemon (IWD), which can cause a denial of service (daemon crash) or possibly have other unspecified impacts when parsing of advertised service information fails. A remote attacker can exploit this. The vulnerability is particularly powerful because it can lead to information leaks, which help bypass ASLR and other hardening measures. The problem occurs in the extract_p2p_advertised_service_info() function, where processing errors can result in a double-free condition.
Recommendations: For iNet wireless daemon (IWD) versions 2.15 and earlier, consider disabling the extract_p2p_advertised_service_info() function as a temporary workaround until a patch is available. Restrict access to the vulnerable p2putil.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
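
The bug class named in the description, a parsing structure that is not initialized and an error path that frees the same memory twice, is avoided by zero-initializing the structure and making cleanup idempotent. The following is an added illustration, not IWD's code or its fix; the `svc_info` record, its wire format and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record and wire format, constructed for this example (not IWD code):
 * [name_len][name bytes][data_len][data bytes] */
struct svc_info { char *name; uint8_t *data; };
static int live_allocs; /* outstanding allocations; would go negative on a double free */
static void *tracked_alloc(size_t n) { void *p = malloc(n ? n : 1); live_allocs += (p != NULL); return p; }
static void tracked_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Idempotent cleanup: pointers are reset to NULL, so a repeated call frees nothing. */
static void svc_info_clear(struct svc_info *s)
{
	tracked_free(s->name);
	tracked_free(s->data);
	memset(s, 0, sizeof(*s));
}

static int svc_info_parse(const uint8_t *buf, size_t len, struct svc_info *out)
{
	size_t nlen, dlen;
	memset(out, 0, sizeof(*out)); /* without this, stale stack pointers could reach free() */
	if (len < 1 || (nlen = buf[0]) + 1 > len) goto fail;
	if (!(out->name = tracked_alloc(nlen + 1))) goto fail;
	memcpy(out->name, buf + 1, nlen);
	out->name[nlen] = '\0';
	buf += 1 + nlen; len -= 1 + nlen;
	if (len < 1 || (dlen = buf[0]) + 1 > len) goto fail; /* name is already allocated here */
	if (!(out->data = tracked_alloc(dlen))) goto fail;
	memcpy(out->data, buf + 1, dlen);
	return 0;
fail:
	svc_info_clear(out); /* releases the partial result exactly once */
	return -1;
}

/* A caller that cleans up unconditionally, after success and after failure alike. */
static int parse_then_cleanup(const uint8_t *buf, size_t len)
{
	struct svc_info info;
	int rc = svc_info_parse(buf, len, &info);
	svc_info_clear(&info); /* after a failed parse this is a no-op, not a second free */
	return rc;
}

/* Constructed inputs: GOOD is well formed, BAD declares 9 data bytes but carries 1. */
static const uint8_t GOOD[] = { 3, 'a', 'b', 'c', 2, 0x01, 0x02 };
static const uint8_t BAD[] = { 3, 'a', 'b', 'c', 9, 0x01 };
int main(void) { return parse_then_cleanup(GOOD, sizeof(GOOD)) != 0 || parse_then_cleanup(BAD, sizeof(BAD)) != -1 || live_allocs != 0; }
```

Running the block under AddressSanitizer or Valgrind is a quick way to confirm that the failure path releases each allocation once.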

DoS

Improper Initialization

Weakness Enumeration

Related Identifiers

BDU:2024-02237
CVE-2024-28084
OPENSUSE-SU-2024:14125-1

Affected Products

Debian
Inet Wireless Daemon