What is the severity of CVE-2024-56539?

CVE-2024-56539 has a medium severity rating due to potential risks associated with memory corruption.

How do I fix CVE-2024-56539?

To fix CVE-2024-56539, update to the latest version of the Linux kernel that includes the patch addressing this vulnerability.

What are the potential impacts of CVE-2024-56539?

The potential impacts of CVE-2024-56539 include system instability and possible exploitation leading to unauthorized access.

Which versions of the Linux kernel are affected by CVE-2024-56539?

CVE-2024-56539 affects multiple versions of the Linux kernel prior to the patch being applied.

Who is responsible for resolving CVE-2024-56539?

The Linux kernel development community is responsible for resolving CVE-2024-56539 through updates and patches.

Vulnerability/
CVE-2024-56539

27/12/2024

20/1/2025

CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()

First published: Fri Dec 27 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following warning on a MT8173 Chromebook (mt8173-elm-hana): [ 356.775250] ------------[ cut here ]------------ [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1) [ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex] The "(size 6)" above is exactly the length of the SSID of the network this device was connected to. The source of the warning looks like: ssid_len = user_scan_in->ssid_list[i].ssid_len; [...] memcpy(wildcard_ssid_tlv->ssid, user_scan_in->ssid_list[i].ssid, ssid_len); There is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this struct, but it already didn't account for the size of the one-element array, so it doesn't need to be changed.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel
debian/linux	<=5.10.223-1	5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1
debian/linux-6.1		6.1.129-1~deb11u1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-56539?
CVE-2024-56539 has a medium severity rating due to potential risks associated with memory corruption.
How do I fix CVE-2024-56539?
To fix CVE-2024-56539, update to the latest version of the Linux kernel that includes the patch addressing this vulnerability.
What are the potential impacts of CVE-2024-56539?
The potential impacts of CVE-2024-56539 include system instability and possible exploitation leading to unauthorized access.
Which versions of the Linux kernel are affected by CVE-2024-56539?
CVE-2024-56539 affects multiple versions of the Linux kernel prior to the patch being applied.
Who is responsible for resolving CVE-2024-56539?
The Linux kernel development community is responsible for resolving CVE-2024-56539 through updates and patches.

agent/severity
agent/title
agent/type
agent/first-publish-date
collector/nvd-api
source/NVD
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-cve
agent/references
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/usn-cve
source/Ubuntu
agent/description
agent/event
agent/tags
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/launchpad-cve
source/Launchpad
vendor/linux
canonical/linux kernel
package-manager/debian