CVE-2024-53055
IBM Wi-Fi Kernal Buffer Overflow
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction If more than 255 colocated APs exist for the set of all APs found during 2.4/5 GHz scanning, then the 6 GHz scan construction will loop forever since the loop variable has type u8, which can never reach the number found when that's bigger than 255, and is stored in a u32 variable. Also move it into the loops to have a smaller scope. Using a u32 there is fine, we limit the number of APs in the scan list and each has a limit on the number of RNR entries due to the frame size. With a limit of 1000 scan results, a frame size upper bound of 4096 (really it's more like ~2300) and a TBTT entry size of at least 11, we get an upper bound for the number of ~372k, well in the bounds of a u32.
INFO
Published Date :
Nov. 19, 2024, 6:15 p.m.
Last Modified :
Nov. 22, 2024, 5:18 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-53055.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-53055 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-53055 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Nov. 22, 2024
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Added CWE NIST CWE-835 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.171 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.116 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.60 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.11.7 *cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* Changed Reference Type https://git.kernel.org/stable/c/2ac15e5a8f42fed5d90ed9e1197600913678c50f No Types Assigned https://git.kernel.org/stable/c/2ac15e5a8f42fed5d90ed9e1197600913678c50f Patch Changed Reference Type https://git.kernel.org/stable/c/2ccd5badadab2d586e91546bf5af3deda07fef1f No Types Assigned https://git.kernel.org/stable/c/2ccd5badadab2d586e91546bf5af3deda07fef1f Patch Changed Reference Type https://git.kernel.org/stable/c/7245012f0f496162dd95d888ed2ceb5a35170f1a No Types Assigned https://git.kernel.org/stable/c/7245012f0f496162dd95d888ed2ceb5a35170f1a Patch Changed Reference Type https://git.kernel.org/stable/c/cde8a7eb5c6762264ff0f4433358e0a0d250c875 No Types Assigned https://git.kernel.org/stable/c/cde8a7eb5c6762264ff0f4433358e0a0d250c875 Patch Changed Reference Type https://git.kernel.org/stable/c/fc621e7a043de346c33bd7ae7e2e0c651d6152ef No Types Assigned https://git.kernel.org/stable/c/fc621e7a043de346c33bd7ae7e2e0c651d6152ef Patch -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Nov. 19, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction If more than 255 colocated APs exist for the set of all APs found during 2.4/5 GHz scanning, then the 6 GHz scan construction will loop forever since the loop variable has type u8, which can never reach the number found when that's bigger than 255, and is stored in a u32 variable. Also move it into the loops to have a smaller scope. Using a u32 there is fine, we limit the number of APs in the scan list and each has a limit on the number of RNR entries due to the frame size. With a limit of 1000 scan results, a frame size upper bound of 4096 (really it's more like ~2300) and a TBTT entry size of at least 11, we get an upper bound for the number of ~372k, well in the bounds of a u32. Added Reference kernel.org https://git.kernel.org/stable/c/2ac15e5a8f42fed5d90ed9e1197600913678c50f [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/cde8a7eb5c6762264ff0f4433358e0a0d250c875 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/fc621e7a043de346c33bd7ae7e2e0c651d6152ef [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/2ccd5badadab2d586e91546bf5af3deda07fef1f [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/7245012f0f496162dd95d888ed2ceb5a35170f1a [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-53055 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-53055
weaknesses.