CVE-2024-58062

MEDIUM5.5

wifi: iwlwifi: mvm: avoid NULL pointer dereference

Published Mar 6, 2025

Modified 1 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: avoid NULL pointer dereference

When iterating over the links of a vif, we need to make sure that the pointer is valid (in other words - that the link exists) before dereferncing it. Use for_each_vif_active_link that also does the check.

References

WEB

https://git.kernel.org/stable/c/7f6fb4b7611eb6371c493c42fefad84a1742bcbb

WEB

https://git.kernel.org/stable/c/cf704a7624f99eb2ffca1a16c69183e85544a613

WEB

https://git.kernel.org/stable/c/fbb563ad5032a07ac83c746ce5c8de5f25b5ffd0

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-58062

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMar 6, 2025

ModifiedMay 11, 2026