AZL-51204

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51204.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-51204

Upstream

CVE-2024-47718

Published

2024-10-21T12:15:08Z

Modified

2026-04-01T05:17:42.060689Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2024-47718 affecting package kernel for versions less than 6.6.56.1-5

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw88: always wait for both firmware loading attempts

In 'rtwwaitfirmwarecompletion()', always wait for both (regular and wowlan) firmware loading attempts. Otherwise if 'rtwusbintfinit()' has failed in 'rtwusbprobe()', 'rtwusbdisconnect()' may issue 'ieee80211freehw()' when one of 'rtwloadfirmware_cb()' (usually the wowlan one) is still in progress, causing UAF detected by KASAN.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47718

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.56.1-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-51204.json"