CVE-2024-36922

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry twice, resulting in the WARN_ONCE() a little later. Fix that by reading txq->read_ptr under lock.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89	Patch
https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa	Patch
https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2	Patch
https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89	Patch
https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa	Patch
https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::

History

01 Oct 2025, 13:52

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-noinfo
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:6.9:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89 -~~	() https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89 - Patch
References	~~() https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa -~~	() https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa - Patch
References	~~() https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2 -~~	() https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2 - Patch

Information

Published : 2024-05-30 16:15

Updated : 2025-10-01 13:52

NVD link : CVE-2024-36922

Mitre link : CVE-2024-36922

CVE.ORG link : CVE-2024-36922

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-36922", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-30T16:15:15.470", "references": [{"url": "https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: read txq->read_ptr under lock\n\nIf we read txq->read_ptr without lock, we can read the same\nvalue twice, then obtain the lock, and reclaim from there\nto two different places, but crucially reclaim the same\nentry twice, resulting in the WARN_ONCE() a little later.\nFix that by reading txq->read_ptr under lock."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: leer txq->read_ptr bajo bloqueo Si leemos txq->read_ptr sin bloqueo, podemos leer el mismo valor dos veces, luego obtener el bloqueo y reclamar desde all\u00ed a dos lugares diferentes, pero fundamentalmente reclama la misma entrada dos veces, lo que resulta en WARN_ONCE() un poco m\u00e1s tarde. Solucione eso leyendo txq->read_ptr bajo bloqueo."}], "lastModified": "2025-10-01T13:52:14.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3E590E3-9122-405E-A816-1B69540EC77D", "versionEndExcluding": "6.6.31"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A6B920C-8D8F-4130-86B4-AD334F4CF2E3", "versionEndExcluding": "6.8.10", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}