CVE-2024-27434: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
First published: Fri May 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK with cipher = TKIP and MFP which is of course not possible.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.6.23 | 6.6.23 |
| redhat/kernel | <6.7.11 | 6.7.11 |
| redhat/kernel | <6.8.2 | 6.8.2 |
| redhat/kernel | <6.9 | 6.9 |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.21-1 | |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/40405cbb20eb6541c603e7b3d54ade0a7be9d715
- https://git.kernel.org/stable/c/60f6d5fc84a9fd26528a24d8a267fc6a6698b628
- https://git.kernel.org/stable/c/b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8
- https://git.kernel.org/stable/c/e35f316bce9e5733c9826120c1838f4c447b2c4c
- https://launchpad.net/bugs/cve/CVE-2024-27434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27434
- https://nvd.nist.gov/vuln/detail/CVE-2024-27434
- https://security-tracker.debian.org/tracker/CVE-2024-27434
- https://ubuntu.com/security/CVE-2024-27434
- https://access.redhat.com/security/cve/CVE-2024-27434
- https://lore.kernel.org/linux-cve-announce/2024051756-CVE-2024-27434-ac61@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2281134
- https://access.redhat.com/errata/RHSA-2024:5102
- https://access.redhat.com/errata/RHSA-2024:5101
- https://access.redhat.com/errata/RHSA-2024:5363
- https://bugzilla.redhat.com/show_bug.cgi?id=2281133
- https://git.kernel.org/linus/e35f316bce9e5733c9826120c1838f4c447b2c4c
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-27434?
CVE-2024-27434 is considered a high-severity vulnerability due to the potential for system instability and crashes.
How do I fix CVE-2024-27434?
To fix CVE-2024-27434, update the Linux kernel to version 6.6.23, 6.7.11, 6.8.2, 6.9, or the specified versions for Debian's linux packages.
Who is affected by CVE-2024-27434?
CVE-2024-27434 affects users of specific versions of the Linux kernel from Red Hat and Debian.
What vulnerabilities does CVE-2024-27434 address?
CVE-2024-27434 addresses an issue with the MFP flag in the iwlwifi driver that can cause firmware crashes.
Is CVE-2024-27434 related to any specific configurations?
Yes, CVE-2024-27434 is particularly relevant for systems configured with group cipher TKIP and MFPC.
- agent/title
- agent/type
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/usn-cve
- source/Ubuntu
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-27434
- agent/software-canonical-lookup
- collector/nvd-cve
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/trending
- collector/security-tracker-debian
- source/Debian
- agent/last-modified-date
- agent/references
- agent/source
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- package-manager/redhat
- package-manager/debian
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2