CVE-2024-27410

2024-05-1700:00:00

ubuntu.com

linux kernel

vulnerability

wifi

mesh id

interface type

data overwrite

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: wifi:
nl80211: reject iftype change with mesh ID change It’s currently possible
to change the mesh ID when the interface isn’t yet in mesh mode, at the
same time as changing it into mesh mode. This leads to an overwrite of data
in the wdev->u union for the interface type it currently has, causing
cfg80211_change_iface() to do wrong things when switching. We could
probably allow setting an interface to mesh while setting the mesh ID at
the same time by doing a different order of operations here, but
realistically there’s no userspace that’s going to do this, so just
disallow changes in iftype when setting mesh ID.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux< 5.4.0-186.206UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-112.122UNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu14.04noarchlinux< anyUNKNOWN
ubuntu16.04noarchlinux< anyUNKNOWN
ubuntu18.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1126.136UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1063.69UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-186.206	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-112.122	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	14.04	noarch	linux	< any	UNKNOWN
ubuntu	16.04	noarch	linux	< any	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1126.136	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1063.69	UNKNOWN