CVE-2024-53055
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-53055: A vulnerability has been identified and addressed in the Linux kernel's iwlwifi Wi-Fi driver. This issue arises when more than 255 colocated APs are detected during 2.4/5 GHz scanning. Since the loop variable has type u8, it cannot reach the number of APs found when that number exceeds 255. This results in an infinite loop. To mitigate this, the code has been modified to use a u32 variable and move the code into smaller loops to limit the scope. Despite initially imposing limitations on scan results and frame sizes, the actual number of potential APs was found to be much smaller, making the use of a u32 variant appropriate.
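The loop-counter defect described in the summary, reduced to a stand-alone C example that is added here and is not the iwlwifi source. The names `walk_u8`, `walk_u32`, `n_aps` and `max_steps` are hypothetical, and `max_steps` is a watchdog so the pre-fix pattern returns instead of hanging.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins, not driver code: n_aps plays the role of the
 * colocated-AP count, max_steps is a watchdog for the demonstration.
 * Both functions return 1 if the loop ended on its own, 0 if the
 * watchdog fired, and store the number of iterations in *visited. */

/* Pre-fix pattern: 8-bit index compared against a 32-bit count. */
int walk_u8(uint32_t n_aps, uint64_t max_steps, uint64_t *visited)
{
    uint64_t steps = 0;
    uint8_t i;

    for (i = 0; i < n_aps; i++) {   /* i wraps 255 -> 0 if n_aps > 255 */
        if (steps == max_steps) {   /* would spin forever without this */
            *visited = steps;
            return 0;
        }
        steps++;
    }
    *visited = steps;
    return 1;
}

/* Post-fix pattern: the index is as wide as the count it is compared to. */
int walk_u32(uint32_t n_aps, uint64_t max_steps, uint64_t *visited)
{
    uint64_t steps = 0;

    for (uint32_t i = 0; i < n_aps; i++) {  /* declared in loop scope */
        if (steps == max_steps) {
            *visited = steps;
            return 0;
        }
        steps++;
    }
    *visited = steps;
    return 1;
}

int main(void)
{
    uint32_t counts[] = { 255, 256, 1000 };  /* constructed sample counts */
    for (size_t k = 0; k < sizeof(counts) / sizeof(counts[0]); k++) {
        uint64_t a, b;
        int t8 = walk_u8(counts[k], 100000, &a);
        int t32 = walk_u32(counts[k], 100000, &b);
        printf("n_aps=%u u8: done=%d steps=%llu | u32: done=%d steps=%llu\n",
               counts[k], t8, (unsigned long long)a, t32, (unsigned long long)b);
    }
    return 0;
}
```

A count of exactly 255 still terminates with the 8-bit index; 256 is the first value for which it cannot.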
Affected Products
- Linux Kernel
Affected Vendors
- LINUX