PT-2024-8395 · Linux+8 · Linux Kernel+8

Published

2024-02-08

Updated

2025-09-29

CVE-2024-27434

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the wifi component, specifically the iwlwifi mvm module, where the MFP flag is incorrectly set for the GTK. This can cause the firmware to crash when the AP is configured with group cipher TKIP and MFPC. The firmware does not need the MFP flag for the GTK, and sending the GTK with cipher = TKIP and MFP is not possible.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2024:5101

ALSA-2024:5102

ALSA-2024:5363

ALSA-2025_16880

BDU:2024-09954

CESA-2024_5101

CESA-2024_5102

CVE-2024-27434

INFSA-2024_5101

INFSA-2024_5102

INFSA-2024_5363

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024:5363

RHSA-2024_5101

RHSA-2024_5102

RHSA-2024_5363

RLSA-2024:5101

RLSA-2024:5102

RLSA-2024:5363

RXSA-2024:5101

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20249-1

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Affected Products

Almalinux

Centos

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-8395 · Linux+8 · Linux Kernel+8

CVE-2024-27434

Weakness Enumeration

Related Identifiers

Affected Products

References · 3612