CVE-2024-53059: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
First published: Tue Nov 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_send_cmd_status(), which handles both size validation and frees the buffer.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=5.1<5.4.285 | |
| Linux Kernel | >=5.5<5.10.229 | |
| Linux Kernel | >=5.11<5.15.171 | |
| Linux Kernel | >=5.16<6.1.116 | |
| Linux Kernel | >=6.2<6.6.60 | |
| Linux Kernel | >=6.7<6.11.7 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| Linux Kernel | =6.12-rc5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/9c98ee7ea463a838235e7a0e35851b38476364f2
- https://git.kernel.org/stable/c/45a628911d3c68e024eed337054a0452b064f450
- https://git.kernel.org/stable/c/3f45d590ccbae6dfd6faef54efe74c30bd85d3da
- https://git.kernel.org/stable/c/64d63557ded6ff3ce72b18ab87a6c4b1b652161c
- https://git.kernel.org/stable/c/3eb986c64c6bfb721950f9666a3b723cf65d043f
- https://git.kernel.org/stable/c/9480c3045f302f43f9910d2d556d6cf5a62c1822
- https://git.kernel.org/stable/c/07a6e3b78a65f4b2796a8d0d4adb1a15a81edead
Frequently Asked Questions
What is the severity of CVE-2024-53059?
CVE-2024-53059 is considered a medium severity vulnerability in the Linux kernel.
How do I fix CVE-2024-53059?
To fix CVE-2024-53059, upgrade to a patched version of the Linux kernel that addresses this issue.
What versions of the Linux kernel are affected by CVE-2024-53059?
CVE-2024-53059 affects Linux kernel versions between 5.1 and 5.4.285, 5.5 and 5.10.229, 5.11 and 5.15.171, 5.16 and 6.1.116, 6.2 and 6.6.60, and 6.7 and 6.11.7.
What is the main issue with CVE-2024-53059?
The main issues with CVE-2024-53059 are the lack of validation for the response packet size and failure to free the response buffer.
Is CVE-2024-53059 a remote or local vulnerability?
CVE-2024-53059 is classified as a local vulnerability affecting components of the Linux kernel.
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/remedy
- agent/severity
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.1
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- version/linux kernel/6.12-rc5