CVE-2024-42225: wifi: mt76: replace skb_put with skb_put_zero
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: replace skb_put with skb_put_zero
Avoid potentially reusing uninitialized data
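The difference between the two helpers, shown in a userspace model (an added example, not code from the kernel or from the patch): `skb_put()` extends the buffer and returns the new area with its bytes untouched, while `skb_put_zero()` clears that area first. All `model_*` names, the command layout and the 0xAA fill pattern are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; every model_* name is hypothetical, not kernel API. */
struct model_skb {
    uint8_t *data;
    size_t   len;   /* bytes in use, i.e. the tail offset */
};

/* Hypothetical command layout with a reserved field the caller never sets. */
struct model_cmd {
    uint8_t  id;
    uint8_t  rsv[3];
    uint32_t value;
};

/* Like skb_put(): extend the used area and return it with bytes untouched. */
static void *model_put(struct model_skb *skb, size_t len)
{
    void *p = skb->data + skb->len;
    skb->len += len;
    return p;
}

/* Like skb_put_zero(): same, but the new area is cleared first. */
static void *model_put_zero(struct model_skb *skb, size_t len)
{
    return memset(model_put(skb, len), 0, len);
}

/* Build one command, setting only id and value; count stale bytes in rsv[]. */
static int stale_reserved_bytes(int use_zero)
{
    struct model_skb skb = { malloc(64), 0 };
    struct model_cmd *cmd;
    int stale = 0;
    if (!skb.data)
        return -1;
    memset(skb.data, 0xAA, 64);  /* constructed stale contents of a reused buffer */
    cmd = use_zero ? model_put_zero(&skb, sizeof(*cmd))
                   : model_put(&skb, sizeof(*cmd));
    cmd->id = 1;
    cmd->value = 42;
    for (size_t i = 0; i < sizeof(cmd->rsv); i++)
        stale += (cmd->rsv[i] == 0xAA);
    free(skb.data);
    return stale;
}
```

Any field the caller does not assign explicitly keeps whatever the buffer held before, which is why zeroing at the point of extension removes the need to audit every field of every message.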
Other sources
Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by reusing uninitialized data in 'wifi: mt76'. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service condition.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-42225?
The severity of CVE-2024-42225 has not been explicitly defined. The CVE concerns the potential reuse of uninitialized data in the Linux kernel.
How do I fix CVE-2024-42225?
To fix CVE-2024-42225, update your Linux kernel to a version that includes the vulnerability patch, specifically versions above 6.1.123-1 or appropriate versions as recommended.
Which versions of the Linux kernel are affected by CVE-2024-42225?
CVE-2024-42225 affects various versions of the Linux kernel including those between 5.15.163 and 6.1.98, 6.2 to 6.6.39, and 6.7 to 6.9.9.
What components are impacted by CVE-2024-42225?
CVE-2024-42225 specifically impacts the mt76 Wi-Fi driver within the Linux kernel.
Is CVE-2024-42225 a critical vulnerability?
While the fix for CVE-2024-42225 reduces the risk from the potential reuse of uninitialized data, it is important to evaluate the specific context of your environment to determine whether it poses a critical risk.