CVE-2024-27056

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: ensure offloading TID queue exists The resume code path assumes that the TX queue for the offloading TID has been configured. At resume time it then tries to sync the write pointer as it may have been updated by the firmware. In the unusual event that no packets have been send on TID 0, the queue will not have been allocated and this causes a crash. Fix this by ensuring the queue exist at suspend time.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/35afffaddbe8d310dc61659da0b1a337b0d0addc	Patch
https://git.kernel.org/stable/c/4903303f25f48b5a1e34e6324c7fae9ccd6b959a	Patch
https://git.kernel.org/stable/c/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f	Patch
https://git.kernel.org/stable/c/ed35a509390ef4011ea2226da5dd6f62b73873b5	Patch
https://git.kernel.org/stable/c/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f	Patch
https://git.kernel.org/stable/c/ed35a509390ef4011ea2226da5dd6f62b73873b5	Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.8:rc6::::::

History

No history.

Information

Published : 2024-05-01 13:15

Updated : 2025-11-03 20:16

NVD link : CVE-2024-27056

Mitre link : CVE-2024-27056

CVE.ORG link : CVE-2024-27056

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-27056", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-01T13:15:50.360", "references": [{"url": "https://git.kernel.org/stable/c/35afffaddbe8d310dc61659da0b1a337b0d0addc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4903303f25f48b5a1e34e6324c7fae9ccd6b959a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ed35a509390ef4011ea2226da5dd6f62b73873b5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/ed35a509390ef4011ea2226da5dd6f62b73873b5", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: ensure offloading TID queue exists\n\nThe resume code path assumes that the TX queue for the offloading TID\nhas been configured. At resume time it then tries to sync the write\npointer as it may have been updated by the firmware.\n\nIn the unusual event that no packets have been send on TID 0, the queue\nwill not have been allocated and this causes a crash. Fix this by\nensuring the queue exist at suspend time."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: aseg\u00farese de que exista la cola de descarga TID La ruta del c\u00f3digo de reanudaci\u00f3n supone que se ha configurado la cola de TX para la descarga de TID. En el momento de la reanudaci\u00f3n, intenta sincronizar el puntero de escritura, ya que es posible que el firmware lo haya actualizado. En el caso inusual de que no se hayan enviado paquetes en el TID 0, la cola no se habr\u00e1 asignado y esto provocar\u00e1 una falla. Solucione este problema asegur\u00e1ndose de que la cola exista en el momento de la suspensi\u00f3n."}], "lastModified": "2025-11-03T20:16:11.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F37CFA2-5A70-4204-9A20-1847146496C7", "versionEndExcluding": "6.1.132"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCB56F36-C998-496A-A2E4-D9E0BB3A5BFC", "versionEndExcluding": "6.6.85", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD", "versionEndExcluding": "6.7.11", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}