CVE-2024-56539 — wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()

EPSS 0.01% · P2

Affected Version Matrix 20


I. Basic Information for CVE-2024-56539

Vulnerability Information


Vulnerability Title
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()

Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following warning on a MT8173 Chromebook (mt8173-elm-hana):

    [ 356.775250] ------------[ cut here ]------------
    [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)
    [ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]

The "(size 6)" above is exactly the length of the SSID of the network this device was connected to. The source of the warning looks like:

    ssid_len = user_scan_in->ssid_list[i].ssid_len;
    [...]
    memcpy(wildcard_ssid_tlv->ssid, user_scan_in->ssid_list[i].ssid, ssid_len);

There is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this struct, but it already didn't account for the size of the one-element array, so it doesn't need to be changed.
Source: NVD (National Vulnerability Database)
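
An added illustration of the layout change described above (not code from the kernel or from this page): simplified stand-ins for the TLV struct before and after the fix, a model of the field-size comparison behind the warning, and a length-checked builder for the new layout. The struct layouts, `spans_field`, `build_tlv` and the 32-byte SSID limit are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SSID_LEN 32            /* IEEE 802.11 SSID length limit */
#define FIELD_UNBOUNDED SIZE_MAX   /* destination field with no declared size */

/* Simplified stand-in for the driver's TLV header (assumed layout). */
struct tlv_header { uint16_t type; uint16_t len; } __attribute__((packed));

/* Before the fix: trailing buffer declared as a one-element array. */
struct wildcard_ssid_old {
    struct tlv_header header;
    uint8_t max_ssid_length;
    uint8_t ssid[1];
} __attribute__((packed));

/* After the fix: the same buffer as a flexible-array member. */
struct wildcard_ssid_new {
    struct tlv_header header;
    uint8_t max_ssid_length;
    uint8_t ssid[];
} __attribute__((packed));

/* Model of the field-bounds check: nonzero when a copy of len bytes
 * runs past a destination field whose size is known. */
int spans_field(size_t field_size, size_t len)
{
    return field_size != FIELD_UNBOUNDED && len > field_size;
}

/* Old layout: the declared field size is 1, so any SSID longer than 1 byte trips. */
int old_layout_warns(size_t n) { return spans_field(sizeof(((struct wildcard_ssid_old *)0)->ssid), n); }

/* New layout: a flexible-array member has no declared size to compare against. */
int new_layout_warns(size_t n) { return spans_field(FIELD_UNBOUNDED, n); }

/* Build a TLV with the new layout; the caller frees it. Over-long SSIDs are rejected. */
struct wildcard_ssid_new *build_tlv(const uint8_t *ssid, size_t ssid_len, size_t *total)
{
    struct wildcard_ssid_new *tlv;

    if (ssid_len > MAX_SSID_LEN)
        return NULL;
    *total = sizeof(*tlv) + ssid_len;   /* fixed part plus payload */
    tlv = calloc(1, *total);
    if (tlv)
        memcpy(tlv->ssid, ssid, ssid_len);
    return tlv;
}
```

With the flexible-array member the struct's `sizeof()` covers only the fixed part, so the explicit length check in the builder is what bounds the copy.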
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
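Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation in the United States. The Linux kernel contains a security vulnerability that stems from a potential null pointer dereference in the wifi: cw1200 module.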
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
Linux | Linux | 5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e ~ a09760c513ae0f98c7082a1deace7fb6284ee866 | -
Linux | Linux | 3.0 | -

II. Public POCs for CVE-2024-56539


No public POC found.



Same Patch Batch · Linux · 2024-12-27 · 221 CVEs total

CVE-2024-56607 - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()
CVE-2024-56594 - drm/amdgpu: set the right AMDGPU sg segment limitation
CVE-2024-56595 - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
CVE-2024-56596 - jfs: fix array-index-out-of-bounds in jfs_readdir
CVE-2024-56597 - jfs: fix shift-out-of-bounds in dbSplit
CVE-2024-56598 - jfs: array-index-out-of-bounds fix in dtReadFirst
CVE-2024-56599 - wifi: ath10k: avoid NULL pointer error during sdio remove
CVE-2024-56601 - net: inet: do not leave a dangling sk pointer in inet_create()
CVE-2024-56600 - net: inet6: do not leave a dangling sk pointer in inet6_create()
CVE-2024-56602 - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
CVE-2024-56603 - net: af_can: do not leave a dangling sk pointer in can_create()
CVE-2024-56604 - Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
CVE-2024-56605 - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
CVE-2024-56606 - af_packet: avoid erroring out after sock_init_data() in packet_create()
CVE-2024-56618 - pmdomain: imx: gpcv2: Adjust delay after power up handshake
CVE-2024-56615 - bpf: fix OOB devmap writes when deleting elements
CVE-2024-56616 - drm/dp_mst: Fix MST sideband message body length check
CVE-2024-56617 - cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
CVE-2024-56614 - xsk: fix OOB map writes when deleting elements
CVE-2024-56619 - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

Showing top 20 of 221 CVEs.
