- CVE-2024-38562
- Suggested Configuration
- OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.10.0 up to (excluding) 6.10
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.6.0 up to (excluding) 6.6.33
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.8.0 up to (excluding) 6.8.12
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.9.0 up to (excluding) 6.9.3
- Reference
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.10
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.6.33
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.8.12
- https://www.kernel.org/pub//linux/kernel/v6.x/ChangeLog-6.9.3
- Reference (Commit)
- wifi: nl80211: Avoid address calculations via out of bounds array indexing
- Fixed by
- 6.10 (838c7b8f1f278404d9d684c34a8cb26dc41aaaa1) (upstream)
- 6.6.33 (ed74398642fcb19f6ff385c35a7d512c6663e17b)
- 6.8.12 (4e2a5566462b53db7d4c4722da86eedf0b8f546c)
- 6.9.3 (8fa4d56564ee7cc2ee348258d88efe191d70dd7f)
- Will be introduced by
- 6.6 (e3eac9f32ec0)
- I Checked
- XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
- From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
- For 3.16.35, there is related post at lkml
- For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
- XXXX
witchcraze
commented
5 days ago
[CVE Configuration Update Request] Update Suggestion - CVE-2024-38562 - Cvss3 : 7.8
https://www.linuxkernelcves.com/cves/CVE-2024-38562 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2024-38562.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2024-38562.json