CVE-2024-35845

wifi: iwlwifi: dbg-tlv: ensure NUL termination

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it.

Category

9.1
CVSS
Severity: Critical
CVSS 3.1 •
EPSS 0.81% Top 30%
Third-Party Advisory debian.org
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209 patch
https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7 patch
https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a patch
https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c patch
https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9 patch
https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641 patch
https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-35845?
CVE-2024-35845 has been scored as a critical severity vulnerability.
How to fix CVE-2024-35845?
To fix CVE-2024-35845, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35845 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-35845 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35845?
CVE-2024-35845 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.