CVE-2024-43879

low-risk

Published 2024-08-21

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, ru:6 kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211] Fix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (10)

Patch https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27

Patch https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd

Patch https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f

Patch https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9

Patch https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086

Patch https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142

Patch https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d

Patch https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6

https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal