CVE-2024-35937

Advisory lineage Upstream: 0 Downstream: 27

Downstream

DEBIAN-CVE-2024-35937 DLA-4008-1 DSA-5782-1 RHSA-2024:4740 RHSA-2024:5101 RHSA-2024:5102

Modified

Published: 19 May 2024, 10:10

Last modified:11 May 2026, 20:14

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

7.1 HIGH

v3.1 (nvd)

EPSS Score

0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

19 May 2024, 10:10

Published

Vulnerability first disclosed

11 May 2026, 20:14

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more careful and check if the subframe header can even be present.

CVSS Metrics

v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 3%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

linux•linux
≥ 966d5c2c22edcc0ab3d519af39f91a29329c979a, < 9eb3bc0973d084423a6df21cf2c74692ff05647e | ≥ 6e4c0d0460bd32ca9244dff3ba2d2da27235de11, < 5d7a8585fbb31e88fb2a0f581b70667d3300d1e9 | ≥ 6e4c0d0460bd32ca9244dff3ba2d2da27235de11, < 16da1e1dac23be45ef6e23c41b1508c400e6c544 | ≥ 6e4c0d0460bd32ca9244dff3ba2d2da27235de11, < 9ad7974856926129f190ffbe3beea78460b3b7cc | 6.3
linux•linux_kernel
< 6.6.27 | ≥ 6.7, < 6.8.6