CVE-2024-41071 - Vulnerability Details

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Extras Rt Els Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
kernel-0:2.6.32-754.54.1.el6	cpe:/o:redhat:rhel_els:6	RHSA-2024:7227	2024-09-26T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
kernel-0:3.10.0-1062.91.1.el7	cpe:/o:redhat:rhel_aus:7.7	RHSA-2024:6999	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
kernel-rt-0:3.10.0-1160.125.1.rt56.1277.el7	cpe:/a:redhat:rhel_extras_rt_els:7	RHSA-2024:6995	2024-09-24T00:00:00Z
kernel-0:3.10.0-1160.125.1.el7	cpe:/o:redhat:rhel_els:7	RHSA-2024:6994	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:7001	2024-09-24T00:00:00Z
kernel-0:4.18.0-553.22.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:7000	2024-09-24T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:7429	2024-10-01T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
kernel-0:4.18.0-193.141.1.el8_2	cpe:/o:redhat:rhel_aus:8.2	RHSA-2024:6992	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
kernel-0:4.18.0-305.141.1.el8_4	cpe:/o:redhat:rhel_aus:8.4	RHSA-2024:7002	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
kernel-rt-0:4.18.0-305.141.1.rt7.217.el8_4	cpe:/a:redhat:rhel_tus:8.4::nfv	RHSA-2024:7003	2024-09-24T00:00:00Z
kernel-0:4.18.0-305.141.1.el8_4	cpe:/o:redhat:rhel_tus:8.4	RHSA-2024:7002	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
kernel-0:4.18.0-305.141.1.el8_4	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2024:7002	2024-09-24T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:8.4	RHSA-2024:7427	2024-10-01T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
kernel-0:4.18.0-372.124.1.el8_6	cpe:/o:redhat:rhel_aus:8.6	RHSA-2024:6998	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
kernel-0:4.18.0-372.124.1.el8_6	cpe:/o:redhat:rhel_tus:8.6	RHSA-2024:6998	2024-09-24T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
kernel-0:4.18.0-372.124.1.el8_6	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:6998	2024-09-24T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:8.6	RHSA-2024:7433	2024-10-01T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
kernel-0:4.18.0-477.74.1.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:6993	2024-09-24T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:7430	2024-10-01T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.37.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:6997	2024-09-24T00:00:00Z
kernel-0:5.14.0-427.37.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:6997	2024-09-24T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:7432	2024-10-01T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
kernel-0:5.14.0-70.117.1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2024:6991	2024-09-24T00:00:00Z
kernel-rt-0:5.14.0-70.117.1.rt21.189.el9_0	cpe:/a:redhat:rhel_e4s:9.0::nfv	RHSA-2024:6990	2024-09-24T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:9.0	RHSA-2024:7428	2024-10-01T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.85.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:7004	2024-09-24T00:00:00Z
kernel-rt-0:5.14.0-284.85.1.rt14.370.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:7005	2024-09-24T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:9.2	RHSA-2024:7431	2024-10-01T00:00:00Z

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2024072909-CVE-2024-41071-4eb6@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-41071
https://www.cve.org/CVERecord?id=CVE-2024-41071

History

Wed, 05 Feb 2025 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-129
CPEs	cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/2663d0462eb32ae7c9b035300ab6b1523886c718 https://git.kernel.org/stable/c/26b177ecdd311f20de4c379f0630858a675dfc0c https://git.kernel.org/stable/c/4f43a614b1b84f0d1e3c48cc541c3bfdf414a6d0 https://git.kernel.org/stable/c/a2bb0c5d0086be5ab5054465dfaa381a1144905c

Wed, 05 Feb 2025 19:15:00 +0000

Type	Values Removed	Values Added
Title	wifi: mac80211: Avoid address calculations via out of bounds array indexing	kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 05 Feb 2025 19:00:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Avoid address calculations via out of bounds array indexing req->n_channels must be set before req->channels[] can be used. This patch fixes one of the issues encountered in [1]. [ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4 [ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]' [...] [ 83.964264] Call Trace: [ 83.964267] <TASK> [ 83.964269] dump_stack_lvl+0x3f/0xc0 [ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110 [ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0 [ 83.964281] __ieee80211_start_scan+0x601/0x990 [ 83.964291] nl80211_trigger_scan+0x874/0x980 [ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160 [ 83.964298] genl_rcv_msg+0x240/0x270 [...] [1] https://bugzilla.kernel.org/show_bug.cgi?id=218810	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Thu, 17 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 17 Oct 2024 14:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/26b177ecdd311f20de4c379f0630858a675dfc0c https://git.kernel.org/stable/c/a2bb0c5d0086be5ab5054465dfaa381a1144905c

Tue, 01 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_e4s:9.0 cpe:/o:redhat:rhel_eus:9.2

Thu, 26 Sep 2024 23:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_els:6

Tue, 24 Sep 2024 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_eus:9.2 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 cpe:/o:redhat:rhel_aus:8.6 cpe:/o:redhat:rhel_e4s:8.6 cpe:/o:redhat:rhel_els:7 cpe:/o:redhat:rhel_eus:8.8 cpe:/o:redhat:rhel_tus:8.6
Vendors & Products		Redhat rhel Els

Tue, 24 Sep 2024 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Extras Rt Els Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_e4s:9.0::nfv cpe:/a:redhat:rhel_eus:9.2::nfv cpe:/a:redhat:rhel_extras_rt_els:7 cpe:/a:redhat:rhel_tus:8.4::nfv cpe:/o:redhat:rhel_aus:7.7 cpe:/o:redhat:rhel_aus:8.2 cpe:/o:redhat:rhel_aus:8.4 cpe:/o:redhat:rhel_e4s:8.4 cpe:/o:redhat:rhel_tus:8.4
Vendors & Products		Redhat Redhat enterprise Linux Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Extras Rt Els Redhat rhel Tus

Tue, 17 Sep 2024 02:30:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Moderate`	threat_severity `Important`

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 06 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787
Metrics	threat_severity `Low`	threat_severity `Moderate`

Mon, 26 Aug 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-129
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: REJECTED

Assigner: Linux

Published: 2024-07-29T14:57:31.623Z

Updated: 2025-02-05T18:49:05.405Z

Reserved: 2024-07-12T12:17:45.631Z

Link: CVE-2024-41071

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-07-29T15:15:14.863

Modified: 2025-02-05T19:15:22.200

Link: CVE-2024-41071

Redhat

Severity : Important

Publid Date: 2024-07-29T00:00:00Z

Links: CVE-2024-41071 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object