CVE-2024-53074: wifi: iwlwifi: mvm: don't leak a link on AP removal
First published: Tue Nov 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't leak a link on AP removal Release the link mapping resource in AP removal. This impacted devices that do not support the MLD API (9260 and down). On those devices, we couldn't start the AP again after the AP has been already started and stopped.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.9<6.11.7 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 | |
| Linux Kernel | =6.12-rc4 | |
| Linux Kernel | =6.12-rc5 | |
| Linux Kernel | =6.12-rc6 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/70ddf9ce1894c48dbbf10b0de51a95e4fb3dd376
- https://git.kernel.org/stable/c/3ed092997a004d68a3a5b0eeb94e71b69839d0f7
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53074
- https://nvd.nist.gov/vuln/detail/CVE-2024-53074
- https://launchpad.net/bugs/cve/CVE-2024-53074
- https://security-tracker.debian.org/tracker/CVE-2024-53074
- https://ubuntu.com/security/CVE-2024-53074
- https://git.kernel.org/linus/3ed092997a004d68a3a5b0eeb94e71b69839d0f7
Frequently Asked Questions
What is the severity of CVE-2024-53074?
The severity of CVE-2024-53074 is considered to be moderate due to its potential impact on devices not supporting the MLD API.
How do I fix CVE-2024-53074?
To fix CVE-2024-53074, update the Linux kernel to a patched version version above 6.11.7 or 6.12-rc6.
Which versions of the Linux kernel are affected by CVE-2024-53074?
CVE-2024-53074 affects Linux kernel versions from 6.9 to 6.11.7 and specific releases of 6.12 rc1 to rc6.
What does CVE-2024-53074 affect?
CVE-2024-53074 affects the iwlwifi driver related to the management of links during access point removal.
Is CVE-2024-53074 a local or remote vulnerability?
CVE-2024-53074 is primarily a local vulnerability affecting devices that manage Wi-Fi connections.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/source
- agent/references
- agent/tags
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/event
- collector/nvd-cve
- agent/softwarecombine
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.9
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3
- version/linux kernel/6.12-rc4
- version/linux kernel/6.12-rc5
- version/linux kernel/6.12-rc6
- package-manager/debian