CVE-2024-35845

Severity: Critical (9.1, CVSS 3.1) · EPSS 63.5%
Published: May 17, 2024
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: dbg-tlv: ensure NUL termination

The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it.

CVSS Details

Base Score: 9.1
Exploitability: 3.9
Impact: 5.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 63.5% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses (1)

CWE-134

Affected Products (7)

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥5.5 – <5.10.214
linux    linux_kernel   *         ≥5.11 – <5.15.153
linux    linux_kernel   *         ≥5.16 – <6.1.83
linux    linux_kernel   *         ≥6.2 – <6.6.23
linux    linux_kernel   *         ≥6.7 – <6.7.11
linux    linux_kernel   *         ≥6.8 – <6.8.2
debian   debian_linux   10.0      any

References (9)

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9
    Patch