PT-2024-9799 · Linux+7 · Linux Kernel+7

Nathan Chancellor

Published

2024-05-03

Updated

2025-09-29

CVE-2024-38562

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the nl80211 component of the Linux kernel, where address calculations via out of bounds array indexing can occur. Before request->channels[] can be used, request->n channels must be set. Additionally, address calculations for memory after the "channels" array need to be calculated from the allocation base ("request") rather than via the first "out of bounds" index of "channels", otherwise run-time bounds checking will throw a warning. This vulnerability may allow an attacker to cause a denial of service.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-129

Related Identifiers

ALSA-2024:6997

ALSA-2025_16880

ALT-PU-2024-13979

BDU:2024-11573

CVE-2024-38562

INFSA-2024_6997

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-1836

RHSA-2024:6997

RHSA-2024_6997

SUSE-SU-2024:2571-1

SUSE-SU-2024:2896-1

SUSE-SU-2024:2973-1

SUSE-SU-2025:20008-1

SUSE-SU-2025:20028-1

USN-6949-1

USN-6949-2

USN-6952-1

USN-6952-2

USN-6955-1

Affected Products

Alt Linux

Almalinux

Linuxmint

Linux Kernel

Red Hat

Red Os

Suse

Ubuntu

PT-2024-9799 · Linux+7 · Linux Kernel+7

CVE-2024-38562

Weakness Enumeration

Related Identifiers

Affected Products

References · 2277