CVE-2024-26637

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: rely on mac80211 debugfs handling for vif mac80211 started to delete debugfs entries in certain cases, causing a ath11k to crash when it tried to delete the entries later. Fix this by relying on mac80211 to delete the entries when appropriate and adding them from the vif_add_debugfs handler.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/556857aa1d0855aba02b1c63bc52b91ec63fc2cc	Mailing List Patch
https://git.kernel.org/stable/c/aa74ce30a8a40d19a4256de4ae5322e71344a274	Mailing List Patch
https://git.kernel.org/stable/c/556857aa1d0855aba02b1c63bc52b91ec63fc2cc	Mailing List Patch
https://git.kernel.org/stable/c/aa74ce30a8a40d19a4256de4ae5322e71344a274	Mailing List Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::

History

10 Mar 2025, 16:58

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.8:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
CWE		NVD-CWE-noinfo
References	~~() https://git.kernel.org/stable/c/556857aa1d0855aba02b1c63bc52b91ec63fc2cc -~~	() https://git.kernel.org/stable/c/556857aa1d0855aba02b1c63bc52b91ec63fc2cc - Mailing List, Patch
References	~~() https://git.kernel.org/stable/c/aa74ce30a8a40d19a4256de4ae5322e71344a274 -~~	() https://git.kernel.org/stable/c/aa74ce30a8a40d19a4256de4ae5322e71344a274 - Mailing List, Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux

Information

Published : 2024-03-18 11:15

Updated : 2025-03-10 16:58

NVD link : CVE-2024-26637

Mitre link : CVE-2024-26637

CVE.ORG link : CVE-2024-26637

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-26637", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-03-18T11:15:10.550", "references": [{"url": "https://git.kernel.org/stable/c/556857aa1d0855aba02b1c63bc52b91ec63fc2cc", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/aa74ce30a8a40d19a4256de4ae5322e71344a274", "tags": ["Mailing List", "Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/556857aa1d0855aba02b1c63bc52b91ec63fc2cc", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/aa74ce30a8a40d19a4256de4ae5322e71344a274", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: rely on mac80211 debugfs handling for vif\n\nmac80211 started to delete debugfs entries in certain cases, causing a\nath11k to crash when it tried to delete the entries later. Fix this by\nrelying on mac80211 to delete the entries when appropriate and adding\nthem from the vif_add_debugfs handler."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: ath11k: conf\u00eda en el manejo de debugfs de mac80211 para vif mac80211 comenz\u00f3 a eliminar entradas de debugfs en ciertos casos, lo que provoc\u00f3 que ath11k fallara cuando intent\u00f3 eliminar las entradas m\u00e1s tarde. Solucione este problema confiando en mac80211 para eliminar las entradas cuando corresponda y agreg\u00e1ndolas desde el controlador vif_add_debugfs."}], "lastModified": "2025-03-10T16:58:35.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF", "versionEndExcluding": "6.7.3", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}