PT-2024-8440 · Linux+4 · Linux Kernel+4

Published

2024-01-18

Updated

2025-02-03

CVE-2024-27391

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The vulnerability is related to errors in memory deallocation in the wilc1000 component of the Linux kernel. This issue can cause a denial of service. The problem arises from the reallocation of the workqueue every time an interface is added, which can lead to the overwriting of the workqueue with a new one. This can be observed by running specific commands that add and remove interfaces, resulting in multiple workqueue instances being created. To fix this leakage, the allocation of hif workqueue has been moved back to wilc cfg80211 init. The workqueue name has also been modified to include the wiphy name for clarity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

AZL-40325

BDU:2024-09999

CVE-2024-27391

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2024-8440 · Linux+4 · Linux Kernel+4

CVE-2024-27391

Weakness Enumeration

Related Identifiers

Affected Products

References · 2149