CVE-2024-56539
- Source
- https://cve.org/CVERecord?id=CVE-2024-56539
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56539.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-56539
- Downstream
- Related
- Published
- 2024-12-27T14:11:21.487Z
- Modified
- 2026-03-12T02:16:30.095667Z
- Summary
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiexconfigscan()
Replace one-element array with a flexible-array member in
struct mwifiex_ie_types_wildcard_ssid_paramsto fix the following warning on a MT8173 Chromebook (mt8173-elm-hana):[ 356.775250] ------------[ cut here ]------------ [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcardssidtlv->ssid" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1) [ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiexscannetworks+0x4fc/0xf28 [mwifiex]
The "(size 6)" above is exactly the length of the SSID of the network this device was connected to. The source of the warning looks like:
ssid_len = user_scan_in->ssid_list[i].ssid_len; [...] memcpy(wildcard_ssid_tlv->ssid, user_scan_in->ssid_list[i].ssid, ssid_len);There is a #define WILDCARDSSIDTLVMAXSIZE that uses sizeof() on this struct, but it already didn't account for the size of the one-element array, so it doesn't need to be changed.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56539.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1de0ca1d7320a645ba2ee5954f64be08935b002a
- https://git.kernel.org/stable/c/581261b2d6fdb4237b24fa13f5a5f87bf2861f2c
- https://git.kernel.org/stable/c/5fa329c44e1e635da2541eab28b6cdb8464fc8d1
- https://git.kernel.org/stable/c/a09760c513ae0f98c7082a1deace7fb6284ee866
- https://git.kernel.org/stable/c/b466746cfb6be43f9a1457bbee52ade397fb23ea
- https://git.kernel.org/stable/c/c4698ef8c42e02782604bf4f8a489dbf6b0c1365
- https://git.kernel.org/stable/c/d241a139c2e9f8a479f25c75ebd5391e6a448500
- https://git.kernel.org/stable/c/d7774910c5583e61c5fe2571280366624ef48036
- https://git.kernel.org/stable/c/e2de22e4b6213371d9e76f74a10ce817572a8d74
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56539.json
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-56539
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4eFixeda09760c513ae0f98c7082a1deace7fb6284ee866Fixed1de0ca1d7320a645ba2ee5954f64be08935b002aFixed5fa329c44e1e635da2541eab28b6cdb8464fc8d1Fixed581261b2d6fdb4237b24fa13f5a5f87bf2861f2cFixedb466746cfb6be43f9a1457bbee52ade397fb23eaFixedc4698ef8c42e02782604bf4f8a489dbf6b0c1365Fixede2de22e4b6213371d9e76f74a10ce817572a8d74Fixedd7774910c5583e61c5fe2571280366624ef48036Fixedd241a139c2e9f8a479f25c75ebd5391e6a448500