{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35946", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T13:50:33.133Z", "datePublished": "2024-05-19T10:10:49.493Z", "dateUpdated": "2025-05-04T09:08:59.002Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:08:59.002Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix null pointer access when abort scan\n\nDuring cancel scan we might use vif that weren't scanning.\nFix this by using the actual scanning vif."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/realtek/rtw89/mac80211.c"], "versions": [{"version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd", "lessThan": "b34d64e9aa5505e3c84570aed5c757f1839573e8", "status": "affected", "versionType": "git"}, {"version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd", "lessThan": "4f11c741908dab7dd48fa5a986b210d4fc74ca8d", "status": "affected", "versionType": "git"}, {"version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd", "lessThan": "7e11a2966f51695c0af0b1f976a32d64dee243b2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/realtek/rtw89/mac80211.c"], "versions": [{"version": "5.16", "status": "affected"}, {"version": "0", "lessThan": "5.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.27", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.6", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.6.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.16", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8"}, {"url": "https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d"}, {"url": "https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2"}], "title": "wifi: rtw89: fix null pointer access when abort scan", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35946", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-20T14:06:33.157936Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:38.762Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.936Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:48.936Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35946", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-20T14:06:33.157936Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.733Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "wifi: rtw89: fix null pointer access when abort scan", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd", "lessThan": "b34d64e9aa5505e3c84570aed5c757f1839573e8", "versionType": "git"}, {"status": "affected", "version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd", "lessThan": "4f11c741908dab7dd48fa5a986b210d4fc74ca8d", "versionType": "git"}, {"status": "affected", "version": "e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd", "lessThan": "7e11a2966f51695c0af0b1f976a32d64dee243b2", "versionType": "git"}], "programFiles": ["drivers/net/wireless/realtek/rtw89/mac80211.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.16"}, {"status": "unaffected", "version": "0", "lessThan": "5.16", "versionType": "semver"}, {"status": "unaffected", "version": "6.6.27", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.6", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/wireless/realtek/rtw89/mac80211.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8"}, {"url": "https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d"}, {"url": "https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix null pointer access when abort scan\n\nDuring cancel scan we might use vif that weren't scanning.\nFix this by using the actual scanning vif."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.27", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.6", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "5.16"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:08:59.002Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35946", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:08:59.002Z", "dateReserved": "2024-05-17T13:50:33.133Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-19T10:10:49.493Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "06E895C1-812D-4DD3-AC6C-7069937B982A", "versionEndExcluding": "6.6.27", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "22CA5433-1303-41EF-AD4C-F4645DC01541", "versionEndExcluding": "6.8.6", "versionStartIncluding": "6.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix null pointer access when abort scan\n\nDuring cancel scan we might use vif that weren't scanning.\nFix this by using the actual scanning vif."}, {"lang": "es", "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw89: corrige el acceso al puntero null al cancelar el escaneo. Durante la cancelaci\u00f3n del escaneo podr\u00edamos usar vif que no estaban escaneando. Solucione este problema utilizando el vif de escaneo real."}], "id": "CVE-2024-35946", "lastModified": "2025-01-31T15:02:04.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-19T11:15:50.180", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f11c741908dab7dd48fa5a986b210d4fc74ca8d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7e11a2966f51695c0af0b1f976a32d64dee243b2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b34d64e9aa5505e3c84570aed5c757f1839573e8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2025:8248", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.70.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-05-28T00:00:00Z"}], "bugzilla": {"description": "kernel: wifi: rtw89: fix null pointer access when abort scan", "id": "2281833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281833"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: rtw89: fix null pointer access when abort scan\nDuring cancel scan we might use vif that weren't scanning.\nFix this by using the actual scanning vif."], "name": "CVE-2024-35946", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35946\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35946\nhttps://lore.kernel.org/linux-cve-announce/2024051921-CVE-2024-35946-c2c2@gregkh/T"], "threat_severity": "Low"}

{}