CVE-2024-38562
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out-of-bounds array indexing. Before request->channels[] can be used, request->n_channels must be set. Additionally, addresses of memory located after the "channels" array must be calculated from the allocation base ("request") rather than via the first out-of-bounds index of "channels"; otherwise run-time bounds checking will emit a warning.
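The allocation pattern the description refers to, as an added illustration in userspace C rather than the kernel's own nl80211 code: a header struct ending in a flexible array of channel pointers, with further storage (here, SSID slots) placed after that array inside the same allocation. The struct, field names and helper functions below are constructed for this example. The two points from the fix are marked in scan_request_alloc: the element count is stored before any channels[i] access, and the trailing region is located from the allocation base plus the array size (what the kernel's struct_size() computes), not by forming &req->channels[n_channels], which in a kernel built with __counted_by annotations and run-time bounds checking is reported as an out-of-bounds index even though the pointer is never dereferenced.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed types for this example; loosely modelled on a scan request. */
struct channel { int center_freq; };
struct ssid { uint8_t len; uint8_t data[32]; };

struct scan_request {
    size_t n_ssids;
    struct ssid *ssids;             /* points into the trailing region after channels[] */
    size_t n_channels;              /* must be set before channels[] is touched */
    struct channel *channels[];     /* flexible array; __counted_by(n_channels) upstream */
};

/* Bytes for the header plus n_channels array entries (kernel: struct_size()). */
static size_t scan_request_size(size_t n_channels)
{
    return offsetof(struct scan_request, channels) + n_channels * sizeof(struct channel *);
}

/* Allocate one block holding n_channels channel slots followed by n_ssids SSID slots.
 * Returns NULL on size overflow or allocation failure. */
struct scan_request *scan_request_alloc(size_t n_channels, size_t n_ssids)
{
    size_t hdr = offsetof(struct scan_request, channels);
    if (n_channels > (SIZE_MAX - hdr) / sizeof(struct channel *))
        return NULL;
    size_t base = scan_request_size(n_channels);
    if (n_ssids > (SIZE_MAX - base) / sizeof(struct ssid))
        return NULL;

    struct scan_request *req = calloc(1, base + n_ssids * sizeof(struct ssid));
    if (!req)
        return NULL;

    /* Point 1: record the count first, so every later channels[i] access
     * has a bound to be checked against. */
    req->n_channels = n_channels;
    req->n_ssids = n_ssids;

    /* Point 2: derive the trailing region from the allocation base, not via
     * &req->channels[n_channels], which is an out-of-bounds index expression. */
    req->ssids = (struct ssid *)((unsigned char *)req + base);
    return req;
}

/* Returns 1 if ssids starts exactly where channels[] ends, else 0. */
int scan_request_layout_ok(const struct scan_request *req)
{
    const unsigned char *expect =
        (const unsigned char *)req + scan_request_size(req->n_channels);
    return (const unsigned char *)req->ssids == expect;
}

/* Store a channel pointer only within the declared count. Returns 0 on success, -1 if out of range. */
int scan_request_set_channel(struct scan_request *req, size_t idx, struct channel *ch)
{
    if (idx >= req->n_channels)
        return -1;
    req->channels[idx] = ch;
    return 0;
}
```

scan_request_layout_ok is the check a reviewer would apply to any such allocation: the address of the trailing data must equal base plus the array size computed from the stored count, which is only possible if the count was written before the address was derived.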
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-6997.html
Vendor advisory: alma — https://bugzilla.redhat.com/2301543
Vendor advisory: alma — https://bugzilla.redhat.com/2300448
Vendor advisory: alma — https://bugzilla.redhat.com/2297568
Vendor advisory: alma — https://bugzilla.redhat.com/2293685
Vendor advisory: alma — https://bugzilla.redhat.com/2293431
Vendor advisory: alma — https://bugzilla.redhat.com/2293423
Vendor advisory: alma — https://bugzilla.redhat.com/2293420
Vendor advisory: alma — https://bugzilla.redhat.com/2293364
Vendor advisory: alma — https://bugzilla.redhat.com/2293348
Vendor advisory: alma — https://bugzilla.redhat.com/2284549
Vendor advisory: alma — https://bugzilla.redhat.com/2283894
Vendor advisory: alma — https://bugzilla.redhat.com/2281677
Vendor advisory: alma — https://bugzilla.redhat.com/2278318
Vendor advisory: alma — https://bugzilla.redhat.com/2278252
Vendor advisory: alma — https://bugzilla.redhat.com/2278250
Vendor advisory: alma — https://bugzilla.redhat.com/2278248
Vendor advisory: alma — https://bugzilla.redhat.com/2278245
Vendor advisory: alma — https://bugzilla.redhat.com/2278167
Vendor advisory: alma — https://bugzilla.redhat.com/2273270
Vendor advisory: alma — https://bugzilla.redhat.com/2265271
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-38562
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-38562.html
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:6997
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | | affected | |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 6.8.12-1 |
| debian | sid | fixed | 6.8.12-1 |
| debian | trixie | fixed | 6.8.12-1 |
References
- https://access.redhat.com/errata/RHSA-2024:6997
- https://www.suse.com/security/cve/CVE-2024-38562.html
- https://security-tracker.debian.org/tracker/CVE-2024-38562
- https://bugzilla.redhat.com/2265271
- https://bugzilla.redhat.com/2273270
- https://bugzilla.redhat.com/2278167
- https://bugzilla.redhat.com/2278245
- https://bugzilla.redhat.com/2278248
- https://bugzilla.redhat.com/2278250
- https://bugzilla.redhat.com/2278252
- https://bugzilla.redhat.com/2278318
- https://bugzilla.redhat.com/2281677
- https://bugzilla.redhat.com/2283894
- https://bugzilla.redhat.com/2284549
- https://bugzilla.redhat.com/2293348
- https://bugzilla.redhat.com/2293364
- https://bugzilla.redhat.com/2293420
- https://bugzilla.redhat.com/2293423
- https://bugzilla.redhat.com/2293431
- https://bugzilla.redhat.com/2293685
- https://bugzilla.redhat.com/2297568
- https://bugzilla.redhat.com/2300448
- https://bugzilla.redhat.com/2301543
- https://errata.almalinux.org/9/ALSA-2024-6997.html