CVE-2024-53055

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 19, 2024
Updated: Nov 22, 2024
CWE ID 835

Summary

CVE-2024-53055: A vulnerability has been identified and addressed in the Linux kernel's iwlwifi Wi-Fi driver. The issue arises when more than 255 colocated APs are detected during 2.4/5 GHz scanning. Because the loop variable has type u8, it can never reach the number of APs found when that number exceeds 255, which results in an infinite loop. To mitigate this, the code has been modified to use a u32 variable and move the code into smaller loops to limit the scope. Despite initially imposing limitations on scan results and frame sizes, the actual number of potential APs was found to be much smaller, making the use of a u32 variant appropriate.
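The counter behaviour described in the summary, reduced to a stand-alone C sketch. This is an added example, not the iwlwifi driver code; the function names, the `n_aps` parameter and the iteration cap (present only so the demonstration halts) are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed cap so the demonstration halts; the affected loop had no such guard. */
#define ITER_CAP 100000u

/*
 * Walk n_aps entries with a u8 index (the vulnerable pattern).
 * Returns the number of iterations executed, or ITER_CAP if the loop
 * was still running when the cap was reached, i.e. it would never end.
 */
static uint32_t walk_u8_index(uint32_t n_aps)
{
    uint32_t iterations = 0;

    /* i is promoted for the comparison but wraps 255 -> 0 on increment. */
    for (uint8_t i = 0; i < n_aps; i++) {
        if (++iterations >= ITER_CAP)
            return ITER_CAP;
    }
    return iterations;
}

/* Same walk with an index as wide as the count: always terminates. */
static uint32_t walk_u32_index(uint32_t n_aps)
{
    uint32_t iterations = 0;

    for (uint32_t i = 0; i < n_aps; i++)
        iterations++;
    return iterations;
}

int main(void)
{
    /* Constructed AP counts around the 255 boundary. */
    const uint32_t counts[] = { 10, 255, 256, 300 };

    for (size_t k = 0; k < sizeof(counts) / sizeof(counts[0]); k++) {
        uint32_t n = counts[k];
        printf("n_aps=%u  u8 index: %s  u32 index: %u iterations\n",
               (unsigned)n,
               walk_u8_index(n) == ITER_CAP ? "did not terminate" : "terminated",
               (unsigned)walk_u32_index(n));
    }
    return 0;
}
```

A count of exactly 255 still terminates with the u8 index; 256 is the first value that does not, which matches the "more than 255" condition in the summary.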
