In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: check A-MSDU format more carefully
If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard it later. Make the parsing a bit more careful and check whether a complete subframe header can even be present.
[
{
"digest": {
"function_hash": "77155208098375460116348940826789353564",
"length": 1902.0
},
"target": {
"file": "net/wireless/util.c",
"function": "ieee80211_amsdu_to_8023s"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb3bc0973d084423a6df21cf2c74692ff05647e",
"signature_version": "v1",
"id": "CVE-2024-35937-09ca8ae0",
"deprecated": false
},
{
"digest": {
"function_hash": "325368402065313480272663760269662371228",
"length": 551.0
},
"target": {
"file": "net/wireless/util.c",
"function": "ieee80211_is_valid_amsdu"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb3bc0973d084423a6df21cf2c74692ff05647e",
"signature_version": "v1",
"id": "CVE-2024-35937-38d0d28b",
"deprecated": false
},
{
"digest": {
"function_hash": "308379176869917358236439546308390519709",
"length": 486.0
},
"target": {
"file": "net/wireless/util.c",
"function": "ieee80211_is_valid_amsdu"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5d7a8585fbb31e88fb2a0f581b70667d3300d1e9",
"signature_version": "v1",
"id": "CVE-2024-35937-3c0981cb",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"170825883591400723548103605838521507157",
"81341181674963171619994243841936900203",
"79682036832837186707511571694272726390",
"129265851907250149221014535522500993242",
"109345297179519253547376627294137549961",
"65917756943736858952488127359438198073",
"277669716404815644269038223344525278030",
"139902839081317395174121150960739085035",
"310736698585827105585202636035262250173",
"290497601526306975922488999557399373097",
"101693833570287677899875709674396502500",
"255887087456834300273477789373573347843",
"234275245802151681090127327928178030289",
"50233165613186735874955390676703096753",
"149290086942308118290173928509902146824",
"187352339669076821197446945694785413302",
"44269186754670084690533856535429743730",
"1328252633760005140891500149501393790",
"27677750098914279243911713442178834160",
"309567297467245915324296267994866246087",
"252319973518833976259251749996238730259",
"254905951753774025500962827725542191876",
"112988995491323027006582251489265433759",
"146473628565003900858140534673629742451",
"75110975679379264174275884090098723947",
"188821239575487309349901741342973924507",
"255887087456834300273477789373573347843",
"50810891627509360605336340278526100692",
"285050624119144098907923131914271343843"
]
},
"target": {
"file": "net/wireless/util.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9eb3bc0973d084423a6df21cf2c74692ff05647e",
"signature_version": "v1",
"id": "CVE-2024-35937-9c1307cd",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"248114552812652493622817402758328912377",
"174972795095608301631054071477816508001",
"79682036832837186707511571694272726390",
"129265851907250149221014535522500993242",
"109345297179519253547376627294137549961",
"65917756943736858952488127359438198073",
"277669716404815644269038223344525278030",
"139902839081317395174121150960739085035",
"310736698585827105585202636035262250173",
"236514379924540016609267686983499981820",
"245815886568479762356537603222310732639",
"255887087456834300273477789373573347843",
"234275245802151681090127327928178030289",
"50233165613186735874955390676703096753",
"149290086942308118290173928509902146824",
"187352339669076821197446945694785413302",
"44269186754670084690533856535429743730",
"1328252633760005140891500149501393790",
"27677750098914279243911713442178834160",
"309567297467245915324296267994866246087",
"252319973518833976259251749996238730259",
"254905951753774025500962827725542191876",
"112988995491323027006582251489265433759",
"146473628565003900858140534673629742451",
"75110975679379264174275884090098723947",
"227884287483988584904634391790633034395",
"255887087456834300273477789373573347843",
"50810891627509360605336340278526100692",
"285050624119144098907923131914271343843"
]
},
"target": {
"file": "net/wireless/util.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5d7a8585fbb31e88fb2a0f581b70667d3300d1e9",
"signature_version": "v1",
"id": "CVE-2024-35937-cb2b5ca8",
"deprecated": false
},
{
"digest": {
"function_hash": "210599522440648828606842604918067090777",
"length": 1845.0
},
"target": {
"file": "net/wireless/util.c",
"function": "ieee80211_amsdu_to_8023s"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5d7a8585fbb31e88fb2a0f581b70667d3300d1e9",
"signature_version": "v1",
"id": "CVE-2024-35937-e2092686",
"deprecated": false
}
]