CVE-2024-27434

MEDIUM

Linux kernel - Unknown Vuln

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK with cipher = TKIP and MFP which is of course not possible.

References (4)

[Patch] https://git.kernel.org/stable/c/40405cbb20eb6541c603e7b3d54ade0a7be9d715

[Patch] https://git.kernel.org/stable/c/60f6d5fc84a9fd26528a24d8a267fc6a6698b628

[Patch] https://git.kernel.org/stable/c/b4f1b0b3b91762edd19bf9d3b2e4c3a0740501f8

[Patch] https://git.kernel.org/stable/c/e35f316bce9e5733c9826120c1838f4c447b2c4c

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

Status published

Affected Products (4)

linux/linux_kernel < 6.6.23

linux/Kernel < 6.6.23linux

linux/Kernel < 6.7.11linux

linux/Kernel < 6.8.2linux

Timeline

Published May 17, 2024

Tracked Since Feb 18, 2026