CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
The Linux kernel CVE team has assigned CVE-2024-35789 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051707-CVE-2024-35789-52e5@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change.
— NVD
Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when moving a station out of a VLAN and deleting the VLAN afterwards. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-35789?
CVE-2024-35789 has been classified with a severity that may impact the security of affected Linux kernel versions.
How do I fix CVE-2024-35789?
To fix CVE-2024-35789, update to an unaffected version of the Linux kernel as specified in the advisory.
What versions of the Linux kernel are affected by CVE-2024-35789?
CVE-2024-35789 affects specific versions of the Linux kernel up to 6.9, including various 4.x, 5.x, and 6.x versions.
Is there a known exploit for CVE-2024-35789?
As of now, there are no known active exploits for CVE-2024-35789, but it is recommended to patch the vulnerability.
Who is responsible for addressing CVE-2024-35789?
The Linux kernel CVE team is responsible for addressing CVE-2024-35789 and providing relevant updates and patches.