CVE-2024-49929

wifi: iwlwifi: mvm: avoid NULL pointer dereference

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: avoid NULL pointer dereference iwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmvsta pointer is not NULL. It retrieves this pointer using iwl_mvm_sta_from_mac80211, which is dereferencing the ieee80211_sta pointer. If sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL pointer. Fix this by checking the sta pointer before retrieving the mvmsta from it. If sta is not NULL, then mvmsta isn't either.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/cbc6fc9cfcde151ff5eadaefdc6155f99579384f
https://git.kernel.org/stable/c/6dcadb2ed3b76623ab96e3e7fbeda1a374d01c28 patch
https://git.kernel.org/stable/c/cdbf51bfa4b0411820806777da36d93d49bc49a1 patch
https://git.kernel.org/stable/c/c0b4f5d94934c290479180868a32c15ba36a6d9e patch
https://git.kernel.org/stable/c/557a6cd847645e667f3b362560bd7e7c09aac284 patch

Frequently Asked Questions

What is the severity of CVE-2024-49929?
CVE-2024-49929 has been scored as a medium severity vulnerability.
How to fix CVE-2024-49929?
To fix CVE-2024-49929, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-49929 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-49929 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49929?
CVE-2024-49929 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.