PT-2024-27211 · Linux+8 · Linux Kernel+8

Published 2024-03-20 · Updated 2026-05-26 · CVE-2024-36921

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.37

Description

The issue is related to the wifi component of the Linux kernel, specifically the iwlwifi driver. It involves guarding against invalid station IDs in the iwl_mvm_mld_rm_sta_id function to prevent out-of-bounds array accesses. This prevents issues that may occur when the driver gets into a bad state during error handling.

Recommendations

Update to Linux kernel version 6.6.37 or later to resolve the issue. As a temporary workaround, consider restricting access to the wifi component until a patch is available.

Exploit

Fix

DoS

Out of bounds Read

Improper Validation of Array Index

Weakness Enumeration

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
ALSA-2024:5363
ALSA-2025_16880
AZL-57558
BDU:2025-04380
CESA-2024_5101
CESA-2024_5102
CVE-2024-36921
ECHO-2679-D435-5160
INFSA-2024_5101
INFSA-2024_5102
INFSA-2024_5363
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-2296
OPENSUSE-SU-2024:14314-1
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024:5363
RHSA-2024_5101
RHSA-2024_5102
RHSA-2024_5363
RLSA-2024:5101
RLSA-2024:5102
RLSA-2024:5363
RXSA-2024:5101
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2024:3032-1
SUSE-SU-2024:3060-1
SUSE-SU-2024:3370-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6949-1
USN-6949-2
USN-6952-1
USN-6952-2
USN-6955-1

Affected Products

Almalinux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu