PT-2024-8310 · Linux+9 · Linux Kernel+9

Johannes Berg

Published

2024-01-18

Updated

2025-09-29

CVE-2024-35838

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a potential sta-link leak in the mac80211 component of the Linux kernel. When a station is allocated, links are added but not set to valid yet, and if the station is removed without marking the links as valid, it may cause a leak. This could potentially allow an attacker to gain access to confidential information. The vulnerability is related to the function sta info free() and may be exploited to disclose information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Information Disclosure

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-401

Related Identifiers

ALSA-2024:4211

ALSA-2024:4352

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

BDU:2024-09863

CESA-2024_4211

CESA-2024_4352

CVE-2024-35838

INFSA-2024_4211

INFSA-2024_4352

INFSA-2024_9315

RHSA-2024:4211

RHSA-2024:4352

RHSA-2024:9315

RHSA-2024_4211

RHSA-2024_4352

RHSA-2024_9315

RHSA-2025:9584

RLSA-2024:4211

RLSA-2024:4352

RXSA-2024:4211

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20249-1

USN-6818-1

USN-6818-2

USN-6818-3

USN-6818-4

USN-6819-1

USN-6819-2

USN-6819-3

USN-6819-4

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-8310 · Linux+9 · Linux Kernel+9

CVE-2024-35838

Weakness Enumeration

Related Identifiers

Affected Products

References · 3161