PT-2024-35538 · Linux+5 · Linux Kernel+5

Published

2024-10-25

·

Updated

2025-09-29

·

CVE-2024-53074

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.11.6
Description A vulnerability in the Linux kernel has been resolved, specifically in the wifi: iwlwifi: mvm module. The issue was related to a link leak on AP removal, which impacted devices that do not support the MLD API, such as those with versions 9260 and down. This meant that on affected devices, the AP could not be started again after it had been started and stopped. The vulnerability required local network access to exploit and could lead to information disclosure.
Recommendations For Linux kernel versions prior to 6.11.6, upgrade to a version that includes the fix for this issue to mitigate the risk. As a temporary workaround, consider restricting access to the wifi: iwlwifi: mvm module until a patch is available.

Exploit

Fix

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17211
BDU:2025-15055
CVE-2024-53074
INFSA-2025_6966
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:02070-1
SUSE-SU-2025:02077-1
SUSE-SU-2025:02116-1
SUSE-SU-2025:02127-1
SUSE-SU-2025:02162-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
SUSE-SU-2025:20431-1
SUSE-SU-2025:20435-1
SUSE-SU-2025:20436-1
SUSE-SU-2025:20437-1
SUSE-SU-2025:20448-1
SUSE-SU-2025:20450-1
USN-7276-1
USN-7277-1
USN-7310-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu