{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-27410", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.682Z", "datePublished": "2024-05-17T11:50:43.212Z", "dateUpdated": "2024-08-02T00:34:52.357Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:28:37.189Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject iftype change with mesh ID change\n\nIt's currently possible to change the mesh ID when the\ninterface isn't yet in mesh mode, at the same time as\nchanging it into mesh mode. This leads to an overwrite\nof data in the wdev->u union for the interface type it\ncurrently has, causing cfg80211_change_iface() to do\nwrong things when switching.\n\nWe could probably allow setting an interface to mesh\nwhile setting the mesh ID at the same time by doing a\ndifferent order of operations here, but realistically\nthere's no userspace that's going to do this, so just\ndisallow changes in iftype when setting mesh ID."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/wireless/nl80211.c"], "versions": [{"version": "7b0a0e3c3a88", "lessThan": "d38d31bbbb9d", "status": "affected", "versionType": "git"}, {"version": "7b0a0e3c3a88", "lessThan": "0cfbb26ee5e7", "status": "affected", "versionType": "git"}, {"version": "7b0a0e3c3a88", "lessThan": "99eb2159680a", "status": "affected", "versionType": "git"}, {"version": "7b0a0e3c3a88", "lessThan": "063715c33b4c", "status": "affected", "versionType": "git"}, {"version": "7b0a0e3c3a88", "lessThan": "930e826962d9", "status": "affected", "versionType": "git"}, {"version": "7b0a0e3c3a88", "lessThan": "177d574be4b5", "status": "affected", "versionType": "git"}, {"version": "7b0a0e3c3a88", "lessThan": "a2add961a5ed", "status": "affected", "versionType": "git"}, {"version": "7b0a0e3c3a88", "lessThan": "f78c1375339a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/wireless/nl80211.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.309", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.271", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.212", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.151", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.81", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.21", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.9", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d"}, {"url": "https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9"}, {"url": "https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980"}, {"url": "https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995"}, {"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2"}, {"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df"}, {"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838"}, {"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "title": "wifi: nl80211: reject iftype change with mesh ID change", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:39:36.191312Z", "id": "CVE-2024-27410", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:43:50.161Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.357Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.357Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27410", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:39:36.191312Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:39:37.315Z"}}], "cna": {"title": "wifi: nl80211: reject iftype change with mesh ID change", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "7b0a0e3c3a88", "lessThan": "d38d31bbbb9d", "versionType": "git"}, {"status": "affected", "version": "7b0a0e3c3a88", "lessThan": "0cfbb26ee5e7", "versionType": "git"}, {"status": "affected", "version": "7b0a0e3c3a88", "lessThan": "99eb2159680a", "versionType": "git"}, {"status": "affected", "version": "7b0a0e3c3a88", "lessThan": "063715c33b4c", "versionType": "git"}, {"status": "affected", "version": "7b0a0e3c3a88", "lessThan": "930e826962d9", "versionType": "git"}, {"status": "affected", "version": "7b0a0e3c3a88", "lessThan": "177d574be4b5", "versionType": "git"}, {"status": "affected", "version": "7b0a0e3c3a88", "lessThan": "a2add961a5ed", "versionType": "git"}, {"status": "affected", "version": "7b0a0e3c3a88", "lessThan": "f78c1375339a", "versionType": "git"}], "programFiles": ["net/wireless/nl80211.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.0"}, {"status": "unaffected", "version": "0", "lessThan": "6.0", "versionType": "custom"}, {"status": "unaffected", "version": "4.19.309", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.271", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.212", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.151", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.81", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.21", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.9", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/wireless/nl80211.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d"}, {"url": "https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9"}, {"url": "https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980"}, {"url": "https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995"}, {"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2"}, {"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df"}, {"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838"}, {"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject iftype change with mesh ID change\n\nIt's currently possible to change the mesh ID when the\ninterface isn't yet in mesh mode, at the same time as\nchanging it into mesh mode. This leads to an overwrite\nof data in the wdev->u union for the interface type it\ncurrently has, causing cfg80211_change_iface() to do\nwrong things when switching.\n\nWe could probably allow setting an interface to mesh\nwhile setting the mesh ID at the same time by doing a\ndifferent order of operations here, but realistically\nthere's no userspace that's going to do this, so just\ndisallow changes in iftype when setting mesh ID."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:28:37.189Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27410", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:34:52.357Z", "dateReserved": "2024-02-25T13:47:42.682Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T11:50:43.212Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject iftype change with mesh ID change\n\nIt's currently possible to change the mesh ID when the\ninterface isn't yet in mesh mode, at the same time as\nchanging it into mesh mode. This leads to an overwrite\nof data in the wdev->u union for the interface type it\ncurrently has, causing cfg80211_change_iface() to do\nwrong things when switching.\n\nWe could probably allow setting an interface to mesh\nwhile setting the mesh ID at the same time by doing a\ndifferent order of operations here, but realistically\nthere's no userspace that's going to do this, so just\ndisallow changes in iftype when setting mesh ID."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: rechazar cambio de tipo con cambio de ID de malla Actualmente es posible cambiar el ID de malla cuando la interfaz a\u00fan no est\u00e1 en modo malla, al mismo tiempo que se cambia a modo malla. Esto lleva a una sobrescritura de datos en la uni\u00f3n wdev->u para el tipo de interfaz que tiene actualmente, causando que cfg80211_change_iface() haga cosas incorrectas al cambiar. Probablemente podr\u00edamos permitir configurar una interfaz para malla mientras configuramos la ID de malla al mismo tiempo haciendo un orden diferente de operaciones aqu\u00ed, pero en realidad no hay ning\u00fan espacio de usuario que vaya a hacer esto, as\u00ed que simplemente no permita cambios en iftype al configurar la ID de malla."}], "id": "CVE-2024-27410", "lastModified": "2024-06-27T13:15:58.197", "metrics": {}, "published": "2024-05-17T12:15:11.690", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:4352", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4211", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.8.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}], "bugzilla": {"description": "kernel: wifi: nl80211: reject iftype change with mesh ID change", "id": "2281113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281113"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: nl80211: reject iftype change with mesh ID change\nIt's currently possible to change the mesh ID when the\ninterface isn't yet in mesh mode, at the same time as\nchanging it into mesh mode. This leads to an overwrite\nof data in the wdev->u union for the interface type it\ncurrently has, causing cfg80211_change_iface() to do\nwrong things when switching.\nWe could probably allow setting an interface to mesh\nwhile setting the mesh ID at the same time by doing a\ndifferent order of operations here, but realistically\nthere's no userspace that's going to do this, so just\ndisallow changes in iftype when setting mesh ID."], "name": "CVE-2024-27410", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27410\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27410\nhttps://lore.kernel.org/linux-cve-announce/2024051701-CVE-2024-27410-874a@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.19.309, kernel 5.4.271, kernel 5.10.212, kernel 5.15.151, kernel 6.1.81, kernel 6.6.21, kernel 6.7.9, kernel 6.8"}