CVE-2024-42225

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 30, 2024
CWE ID 908

Summary

CVE-2024-42225 is a recently identified vulnerability affecting the Linux kernel's wifi driver (mt76). This issue involved the use of uninitialized data during the wifi driver's data transfer process. Specifically, the function 'skb_put' was replaced with 'skb_put_zero' to prevent the potential reuse of uninitialized data, addressing the vulnerability. This issue could have led to arbitrary data injection and potential system compromise. Linux users are advised to update their kernels as soon as patches become available to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share