{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27434", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.687Z", "datePublished": "2024-05-17T12:08:50.896Z", "dateUpdated": "2024-08-02T00:34:52.476Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:28:50.466Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't set the MFP flag for the GTK\n\nThe firmware doesn't need the MFP flag for the GTK, it can even make the\nfirmware crash. in case the AP is configured with: group cipher TKIP and\nMFPC. We would send the GTK with cipher = TKIP and MFP which is of course\nnot possible."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c"], "versions": [{"version": "5c75a208c244", "lessThan": "b4f1b0b3b917", "status": "affected", "versionType": "git"}, {"version": "5c75a208c244", "lessThan": "40405cbb20eb", "status": "affected", "versionType": "git"}, {"version": "5c75a208c244", "lessThan": "60f6d5fc84a9", "status": "affected", "versionType": "git"}, {"version": "5c75a208c244", "lessThan": "e35f316bce9e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c"], "versions": [{"version": "6.2", "status": "affected"}, {"version": "0", "lessThan": "6.2", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8"}, {"url": "https://git.kernel.org/stable/c/40405cbb20eb6541c603e7b3d54ade0a7be9d715"}, {"url": "https://git.kernel.org/stable/c/60f6d5fc84a9fd26528a24d8a267fc6a6698b628"}, {"url": "https://git.kernel.org/stable/c/e35f316bce9e5733c9826120c1838f4c447b2c4c"}], "title": "wifi: iwlwifi: mvm: don't set the MFP flag for the GTK", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27434", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:16:46.787202Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:52.503Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.476Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/40405cbb20eb6541c603e7b3d54ade0a7be9d715", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/60f6d5fc84a9fd26528a24d8a267fc6a6698b628", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e35f316bce9e5733c9826120c1838f4c447b2c4c", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/40405cbb20eb6541c603e7b3d54ade0a7be9d715", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/60f6d5fc84a9fd26528a24d8a267fc6a6698b628", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e35f316bce9e5733c9826120c1838f4c447b2c4c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.476Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27434", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:16:46.787202Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.665Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "wifi: iwlwifi: mvm: don't set the MFP flag for the GTK", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5c75a208c244", "lessThan": "b4f1b0b3b917", "versionType": "git"}, {"status": "affected", "version": "5c75a208c244", "lessThan": "40405cbb20eb", "versionType": "git"}, {"status": "affected", "version": "5c75a208c244", "lessThan": "60f6d5fc84a9", "versionType": "git"}, {"status": "affected", "version": "5c75a208c244", "lessThan": "e35f316bce9e", "versionType": "git"}], "programFiles": ["drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.2"}, {"status": "unaffected", "version": "0", "lessThan": "6.2", "versionType": "custom"}, {"status": "unaffected", "version": "6.6.23", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8"}, {"url": "https://git.kernel.org/stable/c/40405cbb20eb6541c603e7b3d54ade0a7be9d715"}, {"url": "https://git.kernel.org/stable/c/60f6d5fc84a9fd26528a24d8a267fc6a6698b628"}, {"url": "https://git.kernel.org/stable/c/e35f316bce9e5733c9826120c1838f4c447b2c4c"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't set the MFP flag for the GTK\n\nThe firmware doesn't need the MFP flag for the GTK, it can even make the\nfirmware crash. in case the AP is configured with: group cipher TKIP and\nMFPC. We would send the GTK with cipher = TKIP and MFP which is of course\nnot possible."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:28:50.466Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27434", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:34:52.476Z", "dateReserved": "2024-02-25T13:47:42.687Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T12:08:50.896Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don't set the MFP flag for the GTK\n\nThe firmware doesn't need the MFP flag for the GTK, it can even make the\nfirmware crash. in case the AP is configured with: group cipher TKIP and\nMFPC. We would send the GTK with cipher = TKIP and MFP which is of course\nnot possible."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: no configure el indicador MFP para GTK El firmware no necesita el indicador MFP para GTK, incluso puede provocar que el firmware falle. en caso de que el AP est\u00e9 configurado con: cifrado de grupo TKIP y MFPC. Enviar\u00edamos el GTK con cifrado = TKIP y MFP, lo cual, por supuesto, no es posible."}], "id": "CVE-2024-27434", "lastModified": "2024-05-17T18:35:35.070", "metrics": {}, "published": "2024-05-17T13:15:58.000", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/40405cbb20eb6541c603e7b3d54ade0a7be9d715"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/60f6d5fc84a9fd26528a24d8a267fc6a6698b628"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e35f316bce9e5733c9826120c1838f4c447b2c4c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5363", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}, {"advisory": "RHSA-2024:5363", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.31.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-15T00:00:00Z"}], "bugzilla": {"description": "kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK", "id": "2281133", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281133"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: iwlwifi: mvm: don't set the MFP flag for the GTK\nThe firmware doesn't need the MFP flag for the GTK, it can even make the\nfirmware crash. in case the AP is configured with: group cipher TKIP and\nMFPC. We would send the GTK with cipher = TKIP and MFP which is of course\nnot possible."], "name": "CVE-2024-27434", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27434\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27434\nhttps://lore.kernel.org/linux-cve-announce/2024051756-CVE-2024-27434-ac61@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.6.23, kernel 6.7.11, kernel 6.8.2, kernel 6.9"}