Bug 2297514 (CVE-2024-40930)
Summary: | CVE-2024-40930 kernel: wifi: cfg80211: validate HE operation element parsing | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | dfreiber, drow, jburrell, vkumar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 6.9.6, kernel 6.10-rc3 | Doc Type: | If docs needed, set a value |
Doc Text: |
A vulnerability was found in the Linux kernel's cfg80211 component, related to the parsing of HE operation elements, where the issue occurs when the length of the HE operation element is not validated before parsing, potentially leading to buffer overflows or undefined behavior.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
OSIDB Bzimport
2024-07-12 13:34:34 UTC
|