CVE-2024-56539

MEDIUM EPSS 20.4%
Published Dec 27, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Dec 27, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following warning on a MT8173 Chromebook (mt8173-elm-hana): [ 356.775250] ------------[ cut here ]------------ [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1) [ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex] The "(size 6)" above is exactly the length of the SSID of the network this device was connected to. The source of the warning looks like: ssid_len = user_scan_in->ssid_list[i].ssid_len; [...] memcpy(wildcard_ssid_tlv->ssid, user_scan_in->ssid_list[i].ssid, ssid_len); There is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this struct, but it already didn't account for the size of the one-element array, so it doesn't need to be changed.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
20.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥3.0  –  <4.19.325
linuxlinux_kernel*≥4.20  –  <5.4.287
linuxlinux_kernel*≥5.5  –  <5.10.231
linuxlinux_kernel*≥5.11  –  <5.15.174
linuxlinux_kernel*≥5.16  –  <6.1.120
linuxlinux_kernel*≥6.2  –  <6.6.64
linuxlinux_kernel*≥6.7  –  <6.11.11
linuxlinux_kernel*≥6.12  –  <6.12.2

References 11

  • git.kernel.org https://git.kernel.org/stable/c/1de0ca1d7320a645ba2ee5954f64be08935b002a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/581261b2d6fdb4237b24fa13f5a5f87bf2861f2c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5fa329c44e1e635da2541eab28b6cdb8464fc8d1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a09760c513ae0f98c7082a1deace7fb6284ee866
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b466746cfb6be43f9a1457bbee52ade397fb23ea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4698ef8c42e02782604bf4f8a489dbf6b0c1365
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d241a139c2e9f8a479f25c75ebd5391e6a448500
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7774910c5583e61c5fe2571280366624ef48036
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e2de22e4b6213371d9e76f74a10ce817572a8d74
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1de0ca1d7320a645ba2ee5954f64be08935b002a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/581261b2d6fdb4237b24fa13f5a5f87bf2861f2c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5fa329c44e1e635da2541eab28b6cdb8464fc8d1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a09760c513ae0f98c7082a1deace7fb6284ee866
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b466746cfb6be43f9a1457bbee52ade397fb23ea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4698ef8c42e02782604bf4f8a489dbf6b0c1365
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d241a139c2e9f8a479f25c75ebd5391e6a448500
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d7774910c5583e61c5fe2571280366624ef48036
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e2de22e4b6213371d9e76f74a10ce817572a8d74
    Patch