CVE-2024-36970

low-risk
Published 2024-06-08

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it something like all worker threads are busy and some work that needs to complete cannot complete. [also remove unnecessary "load_module" var and now-wrong comment]

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Linux

References (4)

Patch https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4
Patch https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e
Patch https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4
Patch https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal