CVE-2024-40929

wifi: iwlwifi: mvm: check n_ssids before accessing the ssids

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids In some versions of cfg80211, the ssids poinet might be a valid one even though n_ssids is 0. Accessing the pointer in this case will cuase an out-of-bound access. Fix this by checking n_ssids first.

N/A
CVSS
Severity:
EPSS 0.26%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/3c4771091ea8016c8601399078916f722dd8833b
https://git.kernel.org/stable/c/f777792952d03bbaf8329fdfa99393a5a33e2640
https://git.kernel.org/stable/c/9e719ae3abad60e245ce248ba3f08148f375a614
https://git.kernel.org/stable/c/29a18d56bd64b95bd10bda4afda512558471382a
https://git.kernel.org/stable/c/62e007bdeb91c6879a4652c3426aef1cd9d2937b
https://git.kernel.org/stable/c/60d62757df30b74bf397a2847a6db7385c6ee281

Frequently Asked Questions

What is the severity of CVE-2024-40929?
CVE-2024-40929 has not yet been assigned a CVSS score.
How to fix CVE-2024-40929?
To fix CVE-2024-40929, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-40929 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-40929 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-40929?
CVE-2024-40929 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.