PT-2024-3474 · Linux+1 · Linux Kernel+1
Published: 2024-01-18 · Updated: 2025-03-10
CVE-2024-26637
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is in the ath11k driver in the Linux kernel: mac80211 started to delete debugfs entries in certain cases, causing ath11k to crash when it later tried to delete the same entries. The fix is to rely on mac80211 to delete the entries when appropriate and to add them from the vif add debugfs handler. The vulnerability is associated with the function ath11k_debugfs_remove_interface() in drivers/net/wireless/ath/ath11k/debugfs.c, where previously freed memory is freed again (a double free), potentially allowing an attacker to cause a denial of service.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Double Free
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Suse
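The ownership conflict from the Description, as an added user-space model (not kernel or ath11k code): a framework-owned directory releases its children, and a driver that cached a pointer releases the same entry again. All struct and function names are hypothetical, and releases are counted rather than passed to free() so the double release can be observed safely.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_CHILDREN 4

/* Stand-in for a debugfs entry; 'releases' counts removals (constructed model). */
struct entry { int releases; };
/* Stand-in for the per-interface debugfs directory owned by the framework. */
struct vif_dir { struct entry *child[MAX_CHILDREN]; int n; };
/* Stand-in for driver state that caches a pointer to its own entry. */
struct drv_vif { struct entry *cached; };

static struct entry *dir_add(struct vif_dir *d) {
    if (d->n >= MAX_CHILDREN) return NULL;
    struct entry *e = calloc(1, sizeof(*e));
    if (e) d->child[d->n++] = e;
    return e;
}

/* Framework teardown: releases every child of the directory it owns. */
static void framework_remove_dir(struct vif_dir *d) {
    for (int i = 0; i < d->n; i++) d->child[i]->releases++;
}

/* Pre-fix driver teardown: releases its entry again through the cached pointer. */
static void driver_remove_before_fix(struct drv_vif *v) {
    if (v->cached) { v->cached->releases++; v->cached = NULL; }
}

/* Post-fix handler: the driver only adds entries and keeps nothing to remove. */
static void driver_add_debugfs_after_fix(struct vif_dir *d) { dir_add(d); }

/* Returns the highest release count on any entry; 2 means a double release. */
int run_model(int fixed) {
    struct vif_dir dir = {0};
    struct drv_vif drv = {0};
    int worst = 0;
    if (fixed) driver_add_debugfs_after_fix(&dir);
    else       drv.cached = dir_add(&dir);
    framework_remove_dir(&dir);                 /* framework deletes first */
    if (!fixed) driver_remove_before_fix(&drv); /* driver deletes later */
    for (int i = 0; i < dir.n; i++) {
        if (dir.child[i]->releases > worst) worst = dir.child[i]->releases;
        free(dir.child[i]);                     /* backing storage freed once */
    }
    return worst;
}

int main(void) {
    printf("before fix: %d, after fix: %d\n", run_model(0), run_model(1));
    return 0;
}
```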