CVE-2024-41072

wifi: cfg80211: wext: add extra SIOCSIWSCAN data check

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise.

N/A
CVSS
Severity:
EPSS 0.25%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79
https://git.kernel.org/stable/c/de5fcf757e33596eed32de170ce5a93fa44dd2ac
https://git.kernel.org/stable/c/6295bad58f988eaafcf0e6f8b198a580398acb3b
https://git.kernel.org/stable/c/a43cc0558530b6c065976b6b9246f512f8d3593b
https://git.kernel.org/stable/c/001120ff0c9e3557dee9b5ee0d358e0fc189996f
https://git.kernel.org/stable/c/fe9644efd86704afe50e56b64b609de340ab7c95
https://git.kernel.org/stable/c/35cee10ccaee5bd451a480521bbc25dc9f07fa5b
https://git.kernel.org/stable/c/6ef09cdc5ba0f93826c09d810c141a8d103a80fc

Frequently Asked Questions

What is the severity of CVE-2024-41072?
CVE-2024-41072 has not yet been assigned a CVSS score.
How to fix CVE-2024-41072?
To fix CVE-2024-41072, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-41072 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-41072 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-41072?
CVE-2024-41072 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.