CVE-2024-26610

2024-03-1100:00:00

ubuntu.com

cve-2024-26610

iwlwifi

memory corruption

linux kernel

buffer overflow

vulnerability

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.3%

JSON

In the Linux kernel, the following vulnerability has been resolved: wifi:
iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer
to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data +
offset while offset is in bytes, we’ll write past the buffer.

Notes

Author	Note
rodrigo-zaiden	USN-6765-1 for linux-oem-6.5 wrongly stated that this CVE was fixed in version 6.5.0-1022.23. The mentioned notice was revoked and the state of the fix for linux-oem-6.5 was recovered to the previous state.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< 5.15.0-106.116UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-41.41UNKNOWN
ubuntu24.04noarchlinux< 6.8.0-7.7UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1061.67UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1021.21UNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1061.67~20.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1063.72UNKNOWN
ubuntu23.10noarchlinux-azure< 6.5.0-1022.23UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	linux	< 5.15.0-106.116	UNKNOWN
ubuntu	23.10	noarch	linux	< 6.5.0-41.41	UNKNOWN
ubuntu	24.04	noarch	linux	< 6.8.0-7.7	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1061.67	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< 6.5.0-1021.21	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1061.67~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< 5.15.0-1063.72	UNKNOWN
ubuntu	23.10	noarch	linux-azure	< 6.5.0-1022.23	UNKNOWN