PT-2024-33770 · Linux+8 · Linux Kernel+8
Miri Korenblit · Published 2024-10-21 · Updated 2026-05-26 · CVE-2024-49929
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A NULL pointer dereference issue has been resolved in the Linux kernel. The issue occurs in the iwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() functions, which verify that the mvmsta pointer is not NULL. The pointer is retrieved using iwl_mvm_sta_from_mac80211(), which dereferences the ieee80211_sta pointer. If the sta pointer is NULL, iwl_mvm_sta_from_mac80211() will dereference a NULL pointer. The fix involves checking the sta pointer before retrieving the mvmsta from it.
Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider implementing checks to prevent NULL pointer dereferences in the affected functions. Restrict access to the vulnerable iwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() functions to minimize the risk of exploitation. Avoid using the sta pointer in the affected code paths until the issue is resolved.
Exploit
Fix
DoS
NULL Pointer Dereference
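The check ordering from the Description, modeled in userspace C as an added example (not the kernel's or the patch author's code). The structs and the names `sta_to_mvmsta`, `tx_before_fix` and `tx_after_fix` are simplified stand-ins assumed for illustration.

```c
/* Userspace model of the check-ordering bug. The structs are simplified
 * stand-ins (assumptions), not the kernel's definitions. */
#include <stddef.h>
#include <stdio.h>

struct mvm_sta { int sta_id; };            /* stand-in for the driver's per-station data */
struct sta { struct mvm_sta *drv_priv; };  /* stand-in for struct ieee80211_sta */

/* Models iwl_mvm_sta_from_mac80211(): reads through sta unconditionally. */
static struct mvm_sta *sta_to_mvmsta(const struct sta *sta)
{
    return sta->drv_priv;
}

/* Pre-fix ordering: the accessor runs before any check on sta, so a NULL
 * sta faults inside sta_to_mvmsta() and the mvmsta check is never reached. */
int tx_before_fix(const struct sta *sta)
{
    struct mvm_sta *mvmsta = sta_to_mvmsta(sta);

    if (!mvmsta)
        return -1;
    return mvmsta->sta_id;
}

/* Post-fix ordering: validate sta first, then derive mvmsta from it. */
int tx_after_fix(const struct sta *sta)
{
    struct mvm_sta *mvmsta;

    if (!sta)
        return -1;
    mvmsta = sta_to_mvmsta(sta);
    if (!mvmsta)
        return -1;
    return mvmsta->sta_id;
}

int main(void)
{
    struct mvm_sta priv = { .sta_id = 7 };  /* constructed sample data */
    struct sta good = { .drv_priv = &priv };

    printf("valid sta: %d\n", tx_after_fix(&good));
    printf("NULL sta:  %d\n", tx_after_fix(NULL));
    /* tx_before_fix(NULL) is deliberately not called: it would crash. */
    return 0;
}
```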
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu