CVE-2024-35838

MEDIUM

Linux Kernel < 6.1.76 - Memory Leak

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak When a station is allocated, links are added but not set to valid yet (e.g. during connection to an AP MLD), we might remove the station without ever marking links valid, and leak them. Fix that.

References (4)

[Patch] https://git.kernel.org/stable/c/49aaeb8c539b1633b3bd7c2df131ec578aa1eae1

[Patch] https://git.kernel.org/stable/c/587c5892976108674bbe61a8ff659de279318034

[Patch] https://git.kernel.org/stable/c/b01a74b3ca6fd51b62c67733ba7c3280fa6c5d26

[Patch] https://git.kernel.org/stable/c/e04bf59bdba0fa45d52160be676114e16be855a9

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (5)

linux/linux_kernel < 6.1.76

linux/linux_kernel

linux/Kernel < 6.1.76linux

linux/Kernel < 6.6.15linux

linux/Kernel < 6.7.3linux

Timeline

Published May 17, 2024

Tracked Since Feb 18, 2026