CVE-2024-26896 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel

Link	Providers
https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3
https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b
https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3
https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc
https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487
https://lore.kernel.org/linux-cve-announce/2024041744-CVE-2024-26896-79fe@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26896
https://www.cve.org/CVERecord?id=CVE-2024-26896

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26896", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.186Z", "datePublished": "2024-04-17T10:27:47.214Z", "dateUpdated": "2025-05-04T08:59:07.701Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:59:07.701Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix memory leak when starting AP\n\nKmemleak reported this error:\n\n    unreferenced object 0xd73d1180 (size 184):\n      comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.245s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n        00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00  ................\n      backtrace:\n        [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n        [<127bdd74>] __alloc_skb+0x144/0x170\n        [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n        [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n        [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n        [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n        [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n        [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n        [<47bd8b68>] genl_rcv_msg+0x198/0x378\n        [<453ef796>] netlink_rcv_skb+0xd0/0x130\n        [<6b7c977a>] genl_rcv+0x34/0x44\n        [<66b2d04d>] netlink_unicast+0x1b4/0x258\n        [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n        [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n        [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n        [<69954f45>] __sys_sendmsg+0x64/0xa8\n    unreferenced object 0xce087000 (size 1024):\n      comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.246s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n        10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............\n      backtrace:\n        [<9a993714>] __kmalloc_track_caller+0x230/0x600\n        [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74\n        [<a2c61343>] __alloc_skb+0xa0/0x170\n        [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n        [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n        [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n        [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n        [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n        [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n        [<47bd8b68>] genl_rcv_msg+0x198/0x378\n        [<453ef796>] netlink_rcv_skb+0xd0/0x130\n        [<6b7c977a>] genl_rcv+0x34/0x44\n        [<66b2d04d>] netlink_unicast+0x1b4/0x258\n        [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n        [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n        [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/silabs/wfx/sta.c"], "versions": [{"version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "a1f57a0127b89a6b6620514564aa7eaec16d9af3", "status": "affected", "versionType": "git"}, {"version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "3a71ec74e5e3478d202a1874f085ca3ef40be49b", "status": "affected", "versionType": "git"}, {"version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "12f00a367b2b62756e0396f14b54c2c15524e1c3", "status": "affected", "versionType": "git"}, {"version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "dadbb5d29d6c5f571a50272fce8c1505a9559487", "status": "affected", "versionType": "git"}, {"version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "b8cfb7c819dd39965136a66fe3a7fde688d976fc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/silabs/wfx/sta.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.1.83"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.6.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.7.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.8.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3"}, {"url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b"}, {"url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3"}, {"url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487"}, {"url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc"}], "title": "wifi: wfx: fix memory leak when starting AP", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26896", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-13T16:49:12.892582Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "5.10"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "268bceec1684", "lessThan": "a1f57a0127b8", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:38.723Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.675Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-26896 (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

state : PUBLISHED (string)

assignerShortName : Linux (string)

dateReserved : 2024-02-19T14:20:24.186Z (string)

datePublished : 2024-04-17T10:27:47.214Z (string)

dateUpdated : 2025-05-04T08:59:07.701Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2025-05-04T08:59:07.701Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix memory leak when starting AP Kmemleak reported this error: unreferenced object 0xd73d1180 (size 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ backtrace: [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac [<127bdd74>] __alloc_skb+0x144/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 [<69954f45>] __sys_sendmsg+0x64/0xa8 unreferenced object 0xce087000 (size 1024): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.246s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ backtrace: [<9a993714>] __kmalloc_track_caller+0x230/0x600 [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74 [<a2c61343>] __alloc_skb+0xa0/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 However, since the kernel is build optimized, it seems the stack is not accurate. It appears the issue is related to wfx_set_mfp_ap(). The issue is obvious in this function: memory allocated by ieee80211_beacon_get() is never released. Fixing this leak makes kmemleak happy. (string)

}

]

affected : [ »

0 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : unaffected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/net/wireless/silabs/wfx/sta.c (string)

]

versions : [ »

0 : { »

version : 268bceec1684932e194ae87877dcc73f534d921c (string)

lessThan : a1f57a0127b89a6b6620514564aa7eaec16d9af3 (string)

status : affected (string)

versionType : git (string)

}

1 : { »

version : 268bceec1684932e194ae87877dcc73f534d921c (string)

lessThan : 3a71ec74e5e3478d202a1874f085ca3ef40be49b (string)

status : affected (string)

versionType : git (string)

}

2 : { »

version : 268bceec1684932e194ae87877dcc73f534d921c (string)

lessThan : 12f00a367b2b62756e0396f14b54c2c15524e1c3 (string)

status : affected (string)

versionType : git (string)

}

3 : { »

version : 268bceec1684932e194ae87877dcc73f534d921c (string)

lessThan : dadbb5d29d6c5f571a50272fce8c1505a9559487 (string)

status : affected (string)

versionType : git (string)

}

4 : { »

version : 268bceec1684932e194ae87877dcc73f534d921c (string)

lessThan : b8cfb7c819dd39965136a66fe3a7fde688d976fc (string)

status : affected (string)

versionType : git (string)

}

]

}

1 : { »

product : Linux (string)

vendor : Linux (string)

defaultStatus : affected (string)

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

programFiles : [ »

0 : drivers/net/wireless/silabs/wfx/sta.c (string)

]

versions : [ »

0 : { »

version : 5.10 (string)

status : affected (string)

}

1 : { »

version : 0 (string)

lessThan : 5.10 (string)

status : unaffected (string)

versionType : semver (string)

}

2 : { »

version : 6.1.83 (string)

lessThanOrEqual : 6.1.* (string)

status : unaffected (string)

versionType : semver (string)

}

3 : { »

version : 6.6.23 (string)

lessThanOrEqual : 6.6.* (string)

status : unaffected (string)

versionType : semver (string)

}

4 : { »

version : 6.7.11 (string)

lessThanOrEqual : 6.7.* (string)

status : unaffected (string)

versionType : semver (string)

}

5 : { »

version : 6.8.2 (string)

lessThanOrEqual : 6.8.* (string)

status : unaffected (string)

versionType : semver (string)

}

6 : { »

version : 6.9 (string)

lessThanOrEqual : * (string)

status : unaffected (string)

versionType : original_commit_for_fix (string)

}

]

}

]

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.10 (string)

versionEndExcluding : 6.1.83 (string)

}

1 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.10 (string)

versionEndExcluding : 6.6.23 (string)

}

2 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.10 (string)

versionEndExcluding : 6.7.11 (string)

}

3 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.10 (string)

versionEndExcluding : 6.8.2 (string)

}

4 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

versionStartIncluding : 5.10 (string)

versionEndExcluding : 6.9 (string)

}

]

}

]

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b (string)

}

2 : { »

url : https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc (string)

}

]

title : wifi: wfx: fix memory leak when starting AP (string)

x_generator : { »

engine : bippy-1.2.0 (string)

}

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-26896 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-13T16:49:12.892582Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 5.10 (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 268bceec1684 (string)

lessThan : a1f57a0127b8 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-125 (string)

description : CWE-125 Out-of-bounds Read (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-06-04T17:48:38.723Z (string)

}

1 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T00:21:05.675Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.675Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26896", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-13T16:49:12.892582Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "5.10"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "268bceec1684", "lessThan": "a1f57a0127b8", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-13T17:14:18.080Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "wifi: wfx: fix memory leak when starting AP", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "a1f57a0127b89a6b6620514564aa7eaec16d9af3", "versionType": "git"}, {"status": "affected", "version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "3a71ec74e5e3478d202a1874f085ca3ef40be49b", "versionType": "git"}, {"status": "affected", "version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "12f00a367b2b62756e0396f14b54c2c15524e1c3", "versionType": "git"}, {"status": "affected", "version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "dadbb5d29d6c5f571a50272fce8c1505a9559487", "versionType": "git"}, {"status": "affected", "version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "b8cfb7c819dd39965136a66fe3a7fde688d976fc", "versionType": "git"}], "programFiles": ["drivers/net/wireless/silabs/wfx/sta.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.83", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.23", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/wireless/silabs/wfx/sta.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3"}, {"url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b"}, {"url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3"}, {"url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487"}, {"url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix memory leak when starting AP\n\nKmemleak reported this error:\n\n    unreferenced object 0xd73d1180 (size 184):\n      comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.245s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n        00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00  ................\n      backtrace:\n        [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n        [<127bdd74>] __alloc_skb+0x144/0x170\n        [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n        [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n        [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n        [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n        [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n        [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n        [<47bd8b68>] genl_rcv_msg+0x198/0x378\n        [<453ef796>] netlink_rcv_skb+0xd0/0x130\n        [<6b7c977a>] genl_rcv+0x34/0x44\n        [<66b2d04d>] netlink_unicast+0x1b4/0x258\n        [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n        [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n        [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n        [<69954f45>] __sys_sendmsg+0x64/0xa8\n    unreferenced object 0xce087000 (size 1024):\n      comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.246s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n        10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............\n      backtrace:\n        [<9a993714>] __kmalloc_track_caller+0x230/0x600\n        [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74\n        [<a2c61343>] __alloc_skb+0xa0/0x170\n        [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n        [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n        [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n        [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n        [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n        [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n        [<47bd8b68>] genl_rcv_msg+0x198/0x378\n        [<453ef796>] netlink_rcv_skb+0xd0/0x130\n        [<6b7c977a>] genl_rcv+0x34/0x44\n        [<66b2d04d>] netlink_unicast+0x1b4/0x258\n        [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n        [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n        [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:49:42.985Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26896", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:49:42.985Z", "dateReserved": "2024-02-19T14:20:24.186Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T10:27:47.214Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b (string)

tags : [ »

0 : x_transferred (string)

]

}

2 : { »

url : https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3 (string)

tags : [ »

0 : x_transferred (string)

]

}

3 : { »

url : https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487 (string)

tags : [ »

0 : x_transferred (string)

]

}

4 : { »

url : https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T00:21:05.675Z (string)

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-26896 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-05-13T16:49:12.892582Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 5.10 (string)

}

]

defaultStatus : unknown (string)

}

1 : { »

cpes : [ »

0 : cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* (string)

]

vendor : linux (string)

product : linux_kernel (string)

versions : [ »

0 : { »

status : affected (string)

version : 268bceec1684 (string)

lessThan : a1f57a0127b8 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-125 (string)

description : CWE-125 Out-of-bounds Read (string)

}

]

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-05-13T17:14:18.080Z (string)

}

title : CISA ADP Vulnrichment (string)

}

]

cna : { »

title : wifi: wfx: fix memory leak when starting AP (string)

affected : [ »

0 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 268bceec1684932e194ae87877dcc73f534d921c (string)

lessThan : a1f57a0127b89a6b6620514564aa7eaec16d9af3 (string)

versionType : git (string)

}

1 : { »

status : affected (string)

version : 268bceec1684932e194ae87877dcc73f534d921c (string)

lessThan : 3a71ec74e5e3478d202a1874f085ca3ef40be49b (string)

versionType : git (string)

}

2 : { »

status : affected (string)

version : 268bceec1684932e194ae87877dcc73f534d921c (string)

lessThan : 12f00a367b2b62756e0396f14b54c2c15524e1c3 (string)

versionType : git (string)

}

3 : { »

status : affected (string)

version : 268bceec1684932e194ae87877dcc73f534d921c (string)

lessThan : dadbb5d29d6c5f571a50272fce8c1505a9559487 (string)

versionType : git (string)

}

4 : { »

status : affected (string)

version : 268bceec1684932e194ae87877dcc73f534d921c (string)

lessThan : b8cfb7c819dd39965136a66fe3a7fde688d976fc (string)

versionType : git (string)

}

]

programFiles : [ »

0 : drivers/net/wireless/silabs/wfx/sta.c (string)

]

defaultStatus : unaffected (string)

}

1 : { »

repo : https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git (string)

vendor : Linux (string)

product : Linux (string)

versions : [ »

0 : { »

status : affected (string)

version : 5.10 (string)

}

1 : { »

status : unaffected (string)

version : 0 (string)

lessThan : 5.10 (string)

versionType : semver (string)

}

2 : { »

status : unaffected (string)

version : 6.1.83 (string)

versionType : semver (string)

lessThanOrEqual : 6.1.* (string)

}

3 : { »

status : unaffected (string)

version : 6.6.23 (string)

versionType : semver (string)

lessThanOrEqual : 6.6.* (string)

}

4 : { »

status : unaffected (string)

version : 6.7.11 (string)

versionType : semver (string)

lessThanOrEqual : 6.7.* (string)

}

5 : { »

status : unaffected (string)

version : 6.8.2 (string)

versionType : semver (string)

lessThanOrEqual : 6.8.* (string)

}

6 : { »

status : unaffected (string)

version : 6.9 (string)

versionType : original_commit_for_fix (string)

lessThanOrEqual : * (string)

}

]

programFiles : [ »

0 : drivers/net/wireless/silabs/wfx/sta.c (string)

]

defaultStatus : affected (string)

}

]

references : [ »

0 : { »

url : https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3 (string)

}

1 : { »

url : https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b (string)

}

2 : { »

url : https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3 (string)

}

3 : { »

url : https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487 (string)

}

4 : { »

url : https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc (string)

}

]

x_generator : { »

engine : bippy-5f407fcff5a0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix memory leak when starting AP Kmemleak reported this error: unreferenced object 0xd73d1180 (size 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ backtrace: [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac [<127bdd74>] __alloc_skb+0x144/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 [<69954f45>] __sys_sendmsg+0x64/0xa8 unreferenced object 0xce087000 (size 1024): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.246s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ backtrace: [<9a993714>] __kmalloc_track_caller+0x230/0x600 [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74 [<a2c61343>] __alloc_skb+0xa0/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 However, since the kernel is build optimized, it seems the stack is not accurate. It appears the issue is related to wfx_set_mfp_ap(). The issue is obvious in this function: memory allocated by ieee80211_beacon_get() is never released. Fixing this leak makes kmemleak happy. (string)

}

]

providerMetadata : { »

orgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

shortName : Linux (string)

dateUpdated : 2024-12-19T08:49:42.985Z (string)

}

cveMetadata : { »

cveId : CVE-2024-26896 (string)

state : PUBLISHED (string)

dateUpdated : 2024-12-19T08:49:42.985Z (string)

dateReserved : 2024-02-19T14:20:24.186Z (string)

assignerOrgId : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

datePublished : 2024-04-17T10:27:47.214Z (string)

assignerShortName : Linux (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4D76A9A-5B9B-4BBE-AF0B-2D358C8DDB1A", "versionEndExcluding": "6.1.83", "versionStartIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68", "versionEndExcluding": "6.6.23", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD", "versionEndExcluding": "6.7.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1", "versionEndExcluding": "6.8.2", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix memory leak when starting AP\n\nKmemleak reported this error:\n\n    unreferenced object 0xd73d1180 (size 184):\n      comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.245s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n        00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00  ................\n      backtrace:\n        [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n        [<127bdd74>] __alloc_skb+0x144/0x170\n        [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n        [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n        [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n        [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n        [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n        [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n        [<47bd8b68>] genl_rcv_msg+0x198/0x378\n        [<453ef796>] netlink_rcv_skb+0xd0/0x130\n        [<6b7c977a>] genl_rcv+0x34/0x44\n        [<66b2d04d>] netlink_unicast+0x1b4/0x258\n        [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n        [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n        [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n        [<69954f45>] __sys_sendmsg+0x64/0xa8\n    unreferenced object 0xce087000 (size 1024):\n      comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.246s)\n      hex dump (first 32 bytes):\n        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n        10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............\n      backtrace:\n        [<9a993714>] __kmalloc_track_caller+0x230/0x600\n        [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74\n        [<a2c61343>] __alloc_skb+0xa0/0x170\n        [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n        [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n        [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n        [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n        [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n        [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n        [<47bd8b68>] genl_rcv_msg+0x198/0x378\n        [<453ef796>] netlink_rcv_skb+0xd0/0x130\n        [<6b7c977a>] genl_rcv+0x34/0x44\n        [<66b2d04d>] netlink_unicast+0x1b4/0x258\n        [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n        [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n        [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: wfx: corrige la p\u00e9rdida de memoria al iniciar AP Kmemleak inform\u00f3 este error: objeto sin referencia 0xd73d1180 (tama\u00f1o 184): comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (edad 964.245 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ rastreo inverso: [&lt;5ca11420&gt;] kmem_cache_alloc+0x20c/0x5ac [&lt;127bdd74&gt;] __alloc_skb+0x144/0x170 [] __netdev_alloc_skb +0x50/0x180 [&lt;0f9fa1d5&gt;] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [&lt;7accd02d&gt;] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [&lt;41e25cc3&gt;] 8/0x234 [wfx] [&lt;93a70356&gt;] ieee80211_start_ap+ 0x404/0x6b4 [mac80211] [] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [&lt;47bd8b68&gt;] genl_rcv_msg+0x198/0x378 [&lt;453ef796&gt;] 130 [&lt;6b7c977a&gt;] genl_rcv+0x34/0x44 [ &lt;66b2d04d&gt;] netlink_unicast+0x1b4/0x258 [] netlink_sendmsg+0x1e8/0x428 [] ____sys_sendmsg+0x1e0/0x274 [] b4 [&lt;69954f45&gt;] __sys_sendmsg+0x64/0xa8 sin referencia Objeto 0xCE087000 (tama\u00f1o 1024): Comm \"WPA_Supplicant\", PID 1559, Jiffies 13006305 (Edad 964.246s) Volcado hexagonal (Primero 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... ............ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ retroceso: [&lt;9a993714&gt; ] __kmalloc_track_caller+0x230/0x600 [] kmalloc_reserve.constprop.0+0x30/0x74 [] __alloc_skb+0xa0/0x170 [] __netdev_alloc_skb+0x50/0x180 9fa1d5&gt;] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [&lt;7accd02d&gt;] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [&lt;41e25cc3&gt;] wfx_start_ap+0xc8/0x234 [wfx] [&lt;93a70356&gt;] ieee80211_start_ap+0x404/0x6b4 [ mac80211] [] nl80211_start_ap+0x76c /0x9e0 [cfg80211] [&lt;47bd8b68&gt;] genl_rcv_msg+0x198/0x378 [&lt;453ef796&gt;] netlink_rcv_skb+0xd0/0x130 [&lt;6b7c977a&gt;] genl_rcv+0x34/0x44 [&lt;66b2d04d&gt;] x1b4/0x258 [] netlink_sendmsg+0x1e8/0x428 [] ____sys_sendmsg+0x1e0/0x274 [] ___sys_sendmsg+0x80/0xb4 Sin embargo, dado que el kernel est\u00e1 optimizado, parece que la pila no es precisa. Parece que el problema est\u00e1 relacionado con wfx_set_mfp_ap(). El problema es obvio en esta funci\u00f3n: la memoria asignada por ieee80211_beacon_get() nunca se libera. Arreglar esta fuga hace feliz a kmemleak."}], "id": "CVE-2024-26896", "lastModified": "2025-03-21T14:45:40.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-17T11:15:10.727", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E4D76A9A-5B9B-4BBE-AF0B-2D358C8DDB1A (string)

versionEndExcluding : 6.1.83 (string)

versionStartIncluding : 5.10 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E00814DC-0BA7-431A-9926-80FEB4A96C68 (string)

versionEndExcluding : 6.6.23 (string)

versionStartIncluding : 6.2 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD (string)

versionEndExcluding : 6.7.11 (string)

versionStartIncluding : 6.7 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 543A75FF-25B8-4046-A514-1EA8EDD87AB1 (string)

versionEndExcluding : 6.8.2 (string)

versionStartIncluding : 6.8 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix memory leak when starting AP Kmemleak reported this error: unreferenced object 0xd73d1180 (size 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ backtrace: [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac [<127bdd74>] __alloc_skb+0x144/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 [<69954f45>] __sys_sendmsg+0x64/0xa8 unreferenced object 0xce087000 (size 1024): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.246s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ backtrace: [<9a993714>] __kmalloc_track_caller+0x230/0x600 [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74 [<a2c61343>] __alloc_skb+0xa0/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 However, since the kernel is build optimized, it seems the stack is not accurate. It appears the issue is related to wfx_set_mfp_ap(). The issue is obvious in this function: memory allocated by ieee80211_beacon_get() is never released. Fixing this leak makes kmemleak happy. (string)

}

1 : { »

lang : es (string)

value : En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: wfx: corrige la pérdida de memoria al iniciar AP Kmemleak informó este error: objeto sin referencia 0xd73d1180 (tamaño 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (edad 964.245 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ rastreo inverso: [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac [<127bdd74>] __alloc_skb+0x144/0x170 [] __netdev_alloc_skb +0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] 8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+ 0x404/0x6b4 [mac80211] [] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] 130 [<6b7c977a>] genl_rcv+0x34/0x44 [ <66b2d04d>] netlink_unicast+0x1b4/0x258 [] netlink_sendmsg+0x1e8/0x428 [] ____sys_sendmsg+0x1e0/0x274 [] b4 [<69954f45>] __sys_sendmsg+0x64/0xa8 sin referencia Objeto 0xCE087000 (tamaño 1024): Comm "WPA_Supplicant", PID 1559, Jiffies 13006305 (Edad 964.246s) Volcado hexagonal (Primero 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... ............ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ retroceso: [<9a993714> ] __kmalloc_track_caller+0x230/0x600 [] kmalloc_reserve.constprop.0+0x30/0x74 [] __alloc_skb+0xa0/0x170 [] __netdev_alloc_skb+0x50/0x180 9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [ mac80211] [] nl80211_start_ap+0x76c /0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] x1b4/0x258 [] netlink_sendmsg+0x1e8/0x428 [] ____sys_sendmsg+0x1e0/0x274 [] ___sys_sendmsg+0x80/0xb4 Sin embargo, dado que el kernel está optimizado, parece que la pila no es precisa. Parece que el problema está relacionado con wfx_set_mfp_ap(). El problema es obvio en esta función: la memoria asignada por ieee80211_beacon_get() nunca se libera. Arreglar esta fuga hace feliz a kmemleak. (string)

}

]

id : CVE-2024-26896 (string)

lastModified : 2025-03-21T14:45:40.590 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2024-04-17T11:15:10.727 (string)

references : [ »

0 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3 (string)

}

1 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b (string)

}

2 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3 (string)

}

3 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc (string)

}

4 : { »

source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3 (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487 (string)

}

]

sourceIdentifier : 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-125 (string)

}

]

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "kernel: wifi: wfx: fix memory leak when starting AP", "id": "2275657", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275657"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: wfx: fix memory leak when starting AP\nKmemleak reported this error:\nunreferenced object 0xd73d1180 (size 184):\ncomm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.245s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00  ................\nbacktrace:\n[<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n[<127bdd74>] __alloc_skb+0x144/0x170\n[<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n[<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n[<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n[<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n[<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n[<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n[<47bd8b68>] genl_rcv_msg+0x198/0x378\n[<453ef796>] netlink_rcv_skb+0xd0/0x130\n[<6b7c977a>] genl_rcv+0x34/0x44\n[<66b2d04d>] netlink_unicast+0x1b4/0x258\n[<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n[<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n[<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n[<69954f45>] __sys_sendmsg+0x64/0xa8\nunreferenced object 0xce087000 (size 1024):\ncomm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.246s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............\nbacktrace:\n[<9a993714>] __kmalloc_track_caller+0x230/0x600\n[<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74\n[<a2c61343>] __alloc_skb+0xa0/0x170\n[<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n[<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n[<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n[<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n[<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n[<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n[<47bd8b68>] genl_rcv_msg+0x198/0x378\n[<453ef796>] netlink_rcv_skb+0xd0/0x130\n[<6b7c977a>] genl_rcv+0x34/0x44\n[<66b2d04d>] netlink_unicast+0x1b4/0x258\n[<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n[<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n[<d2b5212d>] ___sys_sendmsg+0x80/0xb4\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy."], "name": "CVE-2024-26896", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26896\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26896\nhttps://lore.kernel.org/linux-cve-announce/2024041744-CVE-2024-26896-79fe@gregkh/T"], "threat_severity": "Low"}

{

bugzilla : { »

description : kernel: wifi: wfx: fix memory leak when starting AP (string)

id : 2275657 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2275657 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 4.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (string)

status : draft (string)

}

cwe : CWE-401 (string)

details : [ »

0 : In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix memory leak when starting AP Kmemleak reported this error: unreferenced object 0xd73d1180 (size 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ backtrace: [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac [<127bdd74>] __alloc_skb+0x144/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 [<69954f45>] __sys_sendmsg+0x64/0xa8 unreferenced object 0xce087000 (size 1024): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.246s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ backtrace: [<9a993714>] __kmalloc_track_caller+0x230/0x600 [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74 [<a2c61343>] __alloc_skb+0xa0/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 However, since the kernel is build optimized, it seems the stack is not accurate. It appears the issue is related to wfx_set_mfp_ap(). The issue is obvious in this function: memory allocated by ieee80211_beacon_get() is never released. Fixing this leak makes kmemleak happy. (string)

]

name : CVE-2024-26896 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

4 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

5 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

6 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : kernel-rt (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2024-04-17T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2024-26896 https://nvd.nist.gov/vuln/detail/CVE-2024-26896 https://lore.kernel.org/linux-cve-announce/2024041744-CVE-2024-26896-79fe@gregkh/T (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object