Linux kernel NL80211 NULL ptr deref
CVE-2024-36941 Published on May 30, 2024
wifi: nl80211: don't free NULL coalescing rule
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: don't free NULL coalescing rule
If the parsing fails, we can dereference a NULL pointer here.
Vulnerability Analysis
CVE-2024-36941 can be exploited with local system access and requires a low level of user privileges. The vulnerability is considered to have low attack complexity. A successful exploit is considered to have no impact on confidentiality or integrity and a high impact on availability.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can arise from a number of flaws, including race conditions and simple programming omissions.
Products Associated with CVE-2024-36941
Affected Versions
Linux:
- Version be29b99a9b51b0338eea3c66a58de53bbd01de24 and below 327382dc0f16b268950b96e0052595efd80f7b0a is affected.
- Version be29b99a9b51b0338eea3c66a58de53bbd01de24 and below 97792d0611ae2e6fe3ccefb0a94a1d802317c457 is affected.
- Version be29b99a9b51b0338eea3c66a58de53bbd01de24 and below 5a730a161ac2290d46d49be76b2b1aee8d2eb307 is affected.
- Version be29b99a9b51b0338eea3c66a58de53bbd01de24 and below ad12c74e953b68ad85c78adc6408ed8435c64af4 is affected.
- Version be29b99a9b51b0338eea3c66a58de53bbd01de24 and below b0db4caa10f2e4e811cf88744fbf0d074b67ec1f is affected.
- Version be29b99a9b51b0338eea3c66a58de53bbd01de24 and below 244822c09b4f9aedfb5977f03c0deeb39da8ec7d is affected.
- Version be29b99a9b51b0338eea3c66a58de53bbd01de24 and below f92772a642485394db5c9a17bd0ee73fc6902383 is affected.
- Version be29b99a9b51b0338eea3c66a58de53bbd01de24 and below 801ea33ae82d6a9d954074fbcf8ea9d18f1543a7 is affected.
- Version 3.12 is affected.
- Versions before 3.12 are unaffected.
- Versions 4.19.314 through 4.19.* are unaffected.
- Versions 5.4.276 through 5.4.* are unaffected.
- Versions 5.10.217 through 5.10.* are unaffected.
- Versions 5.15.159 through 5.15.* are unaffected.
- Versions 6.1.91 through 6.1.* are unaffected.
- Versions 6.6.31 through 6.6.* are unaffected.
- Versions 6.8.10 through 6.8.* are unaffected.
- Version 6.9 and all later versions are unaffected.
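The release-number entries in the list above can be checked mechanically. The following is an added example, not code from this page or from the kernel project; the function names and sample release strings are assumptions made for illustration. It applies only to upstream mainline and stable releases, because distribution kernels often backport fixes without changing the upstream version number.

```python
import re

# First fixed release on each stable branch, taken from the list above.
FIXED_IN_BRANCH = {
    (4, 19): 314, (5, 4): 276, (5, 10): 217, (5, 15): 159,
    (6, 1): 91, (6, 6): 31, (6, 8): 10,
}
INTRODUCED = (3, 12)     # 3.12 is affected, anything earlier is not
FIXED_MAINLINE = (6, 9)  # 6.9 and later are unaffected


def parse_release(release):
    """Parse an upstream release string such as '6.1.90' or '6.9-rc3'.

    Returns (major, minor, patch); a missing patch level counts as 0.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(release):
    """True if this upstream release falls in the affected range listed above."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED:
        return False
    if branch >= FIXED_MAINLINE:
        # A 6.9 release candidate predates 6.9 itself, so treat it as in range.
        return branch == FIXED_MAINLINE and "-rc" in release
    fixed_patch = FIXED_IN_BRANCH.get(branch)
    if fixed_patch is None:
        # Branch between 3.12 and 6.9 with no fixed release listed
        # (for example 6.7): every release on it is in the affected range.
        return True
    return patch < fixed_patch


if __name__ == "__main__":
    # Constructed sample release strings, not taken from any real host.
    for sample in ("3.11.10", "5.10.216", "5.10.217", "6.7.12", "6.9.1"):
        state = "affected" if is_affected(sample) else "unaffected"
        print(f"{sample}: {state}")
```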
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.