PT-2024-8249 · Linux+9 · Linux Kernel+9

Published

2024-02-15

·

Updated

2025-12-17

·

CVE-2024-27410

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the nl80211 component in the Linux kernel, where it's possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data in the wdev->u union for the interface type it currently has, causing cfg80211 change iface() to do wrong things when switching. The vulnerability is related to errors in resource management in the nl80211 set interface() function.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALSA-2024:4211
ALSA-2024:4352
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2024-09802
CESA-2024_4211
CESA-2024_4352
CVE-2024-27410
DLA-3840-1
DLA-3842-1
INFSA-2024_4211
INFSA-2024_4352
INFSA-2024_9315
RHSA-2024:4211
RHSA-2024:4352
RHSA-2024:9315
RHSA-2024_4211
RHSA-2024_4352
RHSA-2024_9315
RHSA-2025:3510
RLSA-2024:4211
RLSA-2024:4352
RXSA-2024:4211
SUSE-SU-2024:2008-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2190-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2360-1
SUSE-SU-2024:2381-1
SUSE-SU-2024:2561-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20249-1
USN-6820-1
USN-6820-2
USN-6821-1
USN-6821-2
USN-6821-3
USN-6821-4
USN-6828-1
USN-6831-1
USN-6867-1
USN-6871-1
USN-6892-1
USN-6919-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu