CVE-2024-26610

wifi: iwlwifi: fix a memory corruption

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the buffer.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.06%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a patch
https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd patch
https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32 patch
https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b patch
https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67 patch
https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html patch

Frequently Asked Questions

What is the severity of CVE-2024-26610?
CVE-2024-26610 has been scored as a high severity vulnerability.
How to fix CVE-2024-26610?
To fix CVE-2024-26610, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26610 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26610 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26610?
CVE-2024-26610 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.