PT-2024-29246 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2024-05-31

·

Updated

2025-02-03

·

CVE-2024-41072

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.43
Description A vulnerability in the Linux kernel has been resolved. The issue is related to the wifi functionality, specifically in the cfg80211 wext siwscan() function, where an extra check has been added to ensure that the number of channels passed via ioctl(sock, SIOCSIWSCAN, ...) does not exceed IW MAX FREQUENCIES. If the number of channels exceeds this limit, the request is rejected with -EINVAL.
Recommendations Update to Linux kernel version 6.6.43 or later to resolve the issue. As a temporary workaround, consider restricting the use of the cfg80211 wext siwscan() function until a patch is available. Avoid using the ioctl(sock, SIOCSIWSCAN, ...) call with a large number of channels until the issue is resolved.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-99

Related Identifiers

BDU:2025-02531
CVE-2024-41072
DLA-4008-1
DSA-5747-1
MGASA-2024-0277
MGASA-2024-0278
OESA-2024-1960
OESA-2024-1961
OESA-2024-1962
OESA-2024-1963
OESA-2024-1964
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2892-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2901-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2940-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7100-1
USN-7100-2
USN-7119-1
USN-7123-1
USN-7144-1
USN-7156-1
USN-7194-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu