CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score: 7.6 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 13.2%)

In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: fix RCU usage in connect path

With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning:

```
=============================
WARNING: suspicious RCU usage
6.7.0-rc1-wt+ #333 Not tainted
-----------------------------
drivers/net/wireless/microchip/wilc1000/hif.c:386 suspicious rcu_dereference_check() usage!
[…]
stack backtrace:
CPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1-wt+ #333
Hardware name: Atmel SAMA5
 unwind_backtrace from show_stack+0x18/0x1c
 show_stack from dump_stack_lvl+0x34/0x48
 dump_stack_lvl from wilc_parse_join_bss_param+0x7dc/0x7f4
 wilc_parse_join_bss_param from connect+0x2c4/0x648
 connect from cfg80211_connect+0x30c/0xb74
 cfg80211_connect from nl80211_connect+0x860/0xa94
 nl80211_connect from genl_rcv_msg+0x3fc/0x59c
 genl_rcv_msg from netlink_rcv_skb+0xd0/0x1f8
 netlink_rcv_skb from genl_rcv+0x2c/0x3c
 genl_rcv from netlink_unicast+0x3b0/0x550
 netlink_unicast from netlink_sendmsg+0x368/0x688
 netlink_sendmsg from ____sys_sendmsg+0x190/0x430
 ____sys_sendmsg from ___sys_sendmsg+0x110/0x158
 ___sys_sendmsg from sys_sendmsg+0xe8/0x150
 sys_sendmsg from ret_fast_syscall+0x0/0x1c
```

This warning is emitted because in the connect path, when trying to parse target BSS parameters, we dereference an RCU pointer without being in RCU critical section. Fix RCU dereference usage by moving it to an RCU read critical section. To avoid wrapping the whole wilc_parse_join_bss_param under the critical section, just use the critical section to copy ies data.

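The pattern the fix describes, shown as an added userspace model in C; it is not the driver's code or the kernel patch. The `model_rcu_*` helpers, `struct ies` and `struct bss` are hypothetical stand-ins that only track read-side nesting, the way lockdep does.

```c
/* Userspace model, constructed for illustration; not kernel or driver code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int rcu_depth;     /* read-side critical section nesting */
static int rcu_warnings;  /* "suspicious RCU usage" events seen */
static void model_rcu_read_lock(void)   { rcu_depth++; }
static void model_rcu_read_unlock(void) { rcu_depth--; }
struct ies { size_t len; unsigned char data[8]; }; /* hypothetical IE blob */
struct bss { struct ies *ies; };                   /* RCU-managed pointer */

/* Stand-in for rcu_dereference(): flags use outside a read-side section. */
static struct ies *model_rcu_dereference(struct bss *b)
{
    if (rcu_depth == 0)
        rcu_warnings++;
    return b->ies;
}

/* Before: dereference with no read-side section around it. */
static size_t parse_unprotected(struct bss *b)
{
    return model_rcu_dereference(b)->len;
}

/* After: hold the section only long enough to take a private copy.
 * In the kernel, an allocation made inside the section must not sleep. */
static unsigned char *copy_ies(struct bss *b, size_t *len)
{
    model_rcu_read_lock();
    struct ies *ies = model_rcu_dereference(b);
    unsigned char *copy = malloc(ies->len);
    if (copy)
        memcpy(copy, ies->data, ies->len);
    *len = copy ? ies->len : 0;
    model_rcu_read_unlock();
    return copy; /* caller parses and frees this outside the section */
}

int main(void)
{
    struct ies sample = { 3, { 0x00, 0x01, 0x41 } }; /* constructed bytes */
    struct bss b = { &sample };
    size_t len;
    parse_unprotected(&b);                    /* counts one warning */
    unsigned char *copy = copy_ies(&b, &len); /* counts none */
    printf("warnings=%d copied=%zu\n", rcu_warnings, len);
    free(copy);
    return 0;
}
```
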
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-112.122 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < 6.8.0-35.35 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1063.69 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < 6.8.0-1009.9 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1063.69~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
git.kernel.org/linus/205c50306acf58a335eb19fa84e40140f4fe814f (6.9-rc1)
git.kernel.org/stable/c/205c50306acf58a335eb19fa84e40140f4fe814f
git.kernel.org/stable/c/4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce
git.kernel.org/stable/c/5800ec78775c0cd646f71eb9bf8402fb794807de
git.kernel.org/stable/c/745003b5917b610352f52fe0d11ef658d6471ec2
git.kernel.org/stable/c/b4bbf38c350acb6500cbe667b1e2e68f896e4b38
git.kernel.org/stable/c/d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2
git.kernel.org/stable/c/dd50d3ead6e3707bb0a5df7cc832730c93ace3a7
git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2
launchpad.net/bugs/cve/CVE-2024-27053
nvd.nist.gov/vuln/detail/CVE-2024-27053
security-tracker.debian.org/tracker/CVE-2024-27053
ubuntu.com/security/notices/USN-6816-1
ubuntu.com/security/notices/USN-6817-1
ubuntu.com/security/notices/USN-6817-2
ubuntu.com/security/notices/USN-6817-3
ubuntu.com/security/notices/USN-6820-1
ubuntu.com/security/notices/USN-6820-2
ubuntu.com/security/notices/USN-6821-1
ubuntu.com/security/notices/USN-6821-2
ubuntu.com/security/notices/USN-6821-3
ubuntu.com/security/notices/USN-6821-4
ubuntu.com/security/notices/USN-6828-1
www.cve.org/CVERecord?id=CVE-2024-27053