CVE-2024-35838: wifi: mac80211: fix potential sta-link leak
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix potential sta-link leak
The Linux kernel CVE team has assigned CVE-2024-35838 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051731-CVE-2024-35838-d072@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix potential sta-link leak
When a station is allocated, links are added but not set to valid yet (e.g. during connection to an AP MLD), we might remove the station without ever marking links valid, and leak them. Fix that.
— NVD
Linux Kernel is vulnerable to a denial of service, caused by a sta-link leak due to removing the station without ever marking links valid in the WiFI module. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
— IBM
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-35838?
CVE-2024-35838 has been classified with a moderate severity due to the potential for a sta-link leak in the Linux kernel.
How do I fix CVE-2024-35838?
To resolve CVE-2024-35838, ensure you update your Linux kernel to versions 6.1.76, 6.6.15, 6.7.3, 6.8, or any applicable patched version provided by your distribution.
Which versions of the kernel are affected by CVE-2024-35838?
CVE-2024-35838 affects various versions of the Linux kernel, including those prior to 6.1.76, 6.6.15, 6.7.3, and 6.8.
Is CVE-2024-35838 specific to Red Hat distributions?
While CVE-2024-35838 mainly affects Red Hat kernels, it also impacts Debian Linux versions 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.119-1, 6.12.11-1, and 6.12.12-1.
What are the potential impacts of not addressing CVE-2024-35838?
Failing to address CVE-2024-35838 could lead to potential security risks due to the exposure of sensitive information through sta-link leaks.