CVE-2024-26610: wifi: iwlwifi: fix a memory corruption
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: fix a memory corruption
iwlfwinitriggertlv::data is a pointer to a le32, which means that if we copy to iwlfwinitriggertlv::data + offset while offset is in bytes, we'll write past the buffer.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: fix a memory corruption
The Linux kernel CVE team has assigned CVE-2024-26610 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/20240229155245.1571576-42-lee@kernel.org/T
— Red Hat
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption error. A local attacker could exploit this vulnerability to execute arbitrary code on the system.
— IBM
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-26610?
CVE-2024-26610 is classified as a medium-severity vulnerability in the Linux kernel due to potential memory corruption issues.
How do I fix CVE-2024-26610?
To fix CVE-2024-26610, update your Linux kernel to a version that is equal to or greater than 5.10.210, 5.15.149, 6.1.76, 6.6.15, 6.7.3, or 6.8.
Which Linux kernel versions are affected by CVE-2024-26610?
CVE-2024-26610 affects multiple versions of the Linux kernel, specifically those prior to 5.10.210, 5.15.149, 6.1.76, 6.6.15, 6.7.3, and 6.8.
Where can I find information about CVE-2024-26610?
Information about CVE-2024-26610 can be found in the official Linux kernel announcements and changelogs.
Who should be concerned about CVE-2024-26610?
System administrators and users running vulnerable versions of the Linux kernel should be concerned about CVE-2024-26610 due to its potential impact on system stability and security.