PT-2024-32736 · Linux+6 · Linux Kernel+6

Ma Ke

·

Published

2024-08-13

·

Updated

2025-04-01

·

CVE-2024-47681

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58
Description A NULL pointer dereference issue has been identified in the mt7996 mcu sta bfer he routine when adding an sta interface to the mt7996 driver. This issue was found through a code review. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the mt7996 mcu sta bfer he routine until a patch is available. Restrict access to the vulnerable mt76 module to minimize the risk of exploitation. Avoid using the sta interface in the affected mt7996 driver until the issue is resolved.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-50649
BDU:2025-02967
CVE-2024-47681
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2325
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_3984-1
OPENSUSE-SU-2024_3986-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:3984-1
SUSE-SU-2024:3986-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1

Affected Products

Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
Mt76
Mt7996