CVE-2024-43911

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.9.0

Description A NULL pointer dereference vulnerability was found in the Linux kernel's wifi module, specifically in the mac80211 subsystem. The issue occurs when starting a tx ba session in an MLD connection, where link data/link conf are dynamically allocated but do not point to vif->bss conf, resulting in a NULL chanreq. The code has been tweaked to check for ht supported/vht supported/has he/has eht on sta deflink to resolve the issue.

Recommendations To resolve this issue, update the Linux kernel to version 6.9.0 or later. If updating is not possible, consider disabling the wifi module or restricting its use until a patch is available.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2025-12647

AZL-48200

AZL-48258

BDU:2025-03098

CVE-2024-43911

DLA-4008-1

DSA-5818-1

INFSA-2024_9315

OESA-2024-2445

OESA-2024-2446

OESA-2024-2447

OESA-2024-2448

RHSA-2024:9315

RHSA-2024_9315

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3383-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7196-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Hat

Red Os

Suse

Ubuntu

CVE-2024-43911

Weakness Enumeration

Related Identifiers

Affected Products

References · 1607