CVE-2024-42225
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jul 30, 2024
CWE ID 908
Summary
CVE-2024-42225 is a recently identified vulnerability affecting the Linux kernel's wifi driver (mt76). This issue involved the use of uninitialized data during the wifi driver's data transfer process. Specifically, the function 'skb_put' was replaced with 'skb_put_zero' to prevent the potential reuse of uninitialized data, addressing the vulnerability. This issue could have led to arbitrary data injection and potential system compromise. Linux users are advised to update their kernels as soon as patches become available to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share