CVE-2024-26610 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the buffer.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:3627	2024-06-05T00:00:00Z
kernel-0:4.18.0-553.5.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:3618	2024-06-05T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a
https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b
https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd
https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32
https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d
https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lore.kernel.org/linux-cve-announce/20240229155245.1571576-42-lee@kernel.org/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26610
https://www.cve.org/CVERecord?id=CVE-2024-26610

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-29T15:52:15.796Z

Updated: 2024-08-02T00:07:19.572Z

Reserved: 2024-02-19T14:20:24.130Z

Link: CVE-2024-26610

Vulnrichment

Updated: 2024-05-23T19:01:17.141Z

NVD

Status : Awaiting Analysis

Published: 2024-03-11T18:15:19.067

Modified: 2024-06-25T22:15:18.930

Link: CVE-2024-26610

Redhat

Severity : Moderate

Publid Date: 2024-02-29T00:00:00Z

Links: CVE-2024-26610 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26610", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.130Z", "datePublished": "2024-02-29T15:52:15.796Z", "dateUpdated": "2024-08-02T00:07:19.572Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:19:29.723Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix a memory corruption\n\niwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that\nif we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in\nbytes, we'll write past the buffer."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"], "versions": [{"version": "cf29c5b66b9f", "lessThan": "05dd9facfb9a", "status": "affected", "versionType": "git"}, {"version": "cf29c5b66b9f", "lessThan": "99a23462fe1a", "status": "affected", "versionType": "git"}, {"version": "cf29c5b66b9f", "lessThan": "aa2cc9363926", "status": "affected", "versionType": "git"}, {"version": "cf29c5b66b9f", "lessThan": "870171899d75", "status": "affected", "versionType": "git"}, {"version": "cf29c5b66b9f", "lessThan": "f32a81999d0b", "status": "affected", "versionType": "git"}, {"version": "cf29c5b66b9f", "lessThan": "cf4a0d840ecc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.210", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.149", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.76", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.15", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.3", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a"}, {"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd"}, {"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32"}, {"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b"}, {"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67"}, {"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "title": "wifi: iwlwifi: fix a memory corruption", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26610", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-12T18:22:31.931608Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:49:28.637Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.572Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26610", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-12T18:22:31.931608Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:17.141Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "wifi: iwlwifi: fix a memory corruption", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "cf29c5b66b9f", "lessThan": "05dd9facfb9a", "versionType": "git"}, {"status": "affected", "version": "cf29c5b66b9f", "lessThan": "99a23462fe1a", "versionType": "git"}, {"status": "affected", "version": "cf29c5b66b9f", "lessThan": "aa2cc9363926", "versionType": "git"}, {"status": "affected", "version": "cf29c5b66b9f", "lessThan": "870171899d75", "versionType": "git"}, {"status": "affected", "version": "cf29c5b66b9f", "lessThan": "f32a81999d0b", "versionType": "git"}, {"status": "affected", "version": "cf29c5b66b9f", "lessThan": "cf4a0d840ecc", "versionType": "git"}], "programFiles": ["drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.210", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.149", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.76", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.15", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.3", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a"}, {"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd"}, {"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32"}, {"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b"}, {"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67"}, {"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix a memory corruption\n\niwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that\nif we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in\nbytes, we'll write past the buffer."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:19:29.723Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26610", "state": "PUBLISHED", "dateUpdated": "2024-05-29T05:19:29.723Z", "dateReserved": "2024-02-19T14:20:24.130Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-29T15:52:15.796Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"affected_release": [{"advisory": "RHSA-2024:3627", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}, {"advisory": "RHSA-2024:3618", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.5.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-06-05T00:00:00Z"}], "bugzilla": {"description": "kernel: wifi: iwlwifi: fix a memory corruption", "id": "2269213", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269213"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "status": "verified"}, "cwe": "CWE-680", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: iwlwifi: fix a memory corruption\niwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that\nif we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in\nbytes, we'll write past the buffer.", "A memory corruption flaw was found in the Linux kernel Intel Wireless WiFi Next Gen AGN module. This issue could allow a local user to crash the system."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the iwlwifi module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2024-26610", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26610\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26610\nhttps://lore.kernel.org/linux-cve-announce/20240229155245.1571576-42-lee@kernel.org/T"], "statement": "Red Hat Enterprise Linux 9 is not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.210, kernel 5.15.149, kernel 6.1.76, kernel 6.6.15, kernel 6.7.3, kernel 6.8-rc2"}