{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-26896", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.186Z", "datePublished": "2024-04-17T10:27:47.214Z", "dateUpdated": "2026-05-11T20:06:31.074Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:06:31.074Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix memory leak when starting AP\n\nKmemleak reported this error:\n\n unreferenced object 0xd73d1180 (size 184):\n comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.245s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................\n backtrace:\n [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n [<127bdd74>] __alloc_skb+0x144/0x170\n [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n [<47bd8b68>] genl_rcv_msg+0x198/0x378\n [<453ef796>] netlink_rcv_skb+0xd0/0x130\n [<6b7c977a>] genl_rcv+0x34/0x44\n [<66b2d04d>] netlink_unicast+0x1b4/0x258\n [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n [<69954f45>] __sys_sendmsg+0x64/0xa8\n unreferenced object 0xce087000 (size 1024):\n comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.246s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............\n backtrace:\n [<9a993714>] __kmalloc_track_caller+0x230/0x600\n [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74\n [<a2c61343>] __alloc_skb+0xa0/0x170\n [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n [<47bd8b68>] genl_rcv_msg+0x198/0x378\n [<453ef796>] netlink_rcv_skb+0xd0/0x130\n [<6b7c977a>] genl_rcv+0x34/0x44\n [<66b2d04d>] netlink_unicast+0x1b4/0x258\n [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/silabs/wfx/sta.c"], "versions": [{"version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "a1f57a0127b89a6b6620514564aa7eaec16d9af3", "status": "affected", "versionType": "git"}, {"version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "3a71ec74e5e3478d202a1874f085ca3ef40be49b", "status": "affected", "versionType": "git"}, {"version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "12f00a367b2b62756e0396f14b54c2c15524e1c3", "status": "affected", "versionType": "git"}, {"version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "dadbb5d29d6c5f571a50272fce8c1505a9559487", "status": "affected", "versionType": "git"}, {"version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "b8cfb7c819dd39965136a66fe3a7fde688d976fc", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/silabs/wfx/sta.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.83", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.23", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.11", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.2", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.1.83"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.6.23"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.7.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.8.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3"}, {"url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b"}, {"url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3"}, {"url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487"}, {"url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc"}], "title": "wifi: wfx: fix memory leak when starting AP", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26896", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-13T16:49:12.892582Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "5.10"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "268bceec1684", "lessThan": "a1f57a0127b8", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:48:38.723Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.675Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.675Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26896", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-13T16:49:12.892582Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "5.10"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "268bceec1684", "lessThan": "a1f57a0127b8", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-13T17:14:18.080Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "wifi: wfx: fix memory leak when starting AP", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "a1f57a0127b89a6b6620514564aa7eaec16d9af3", "versionType": "git"}, {"status": "affected", "version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "3a71ec74e5e3478d202a1874f085ca3ef40be49b", "versionType": "git"}, {"status": "affected", "version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "12f00a367b2b62756e0396f14b54c2c15524e1c3", "versionType": "git"}, {"status": "affected", "version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "dadbb5d29d6c5f571a50272fce8c1505a9559487", "versionType": "git"}, {"status": "affected", "version": "268bceec1684932e194ae87877dcc73f534d921c", "lessThan": "b8cfb7c819dd39965136a66fe3a7fde688d976fc", "versionType": "git"}], "programFiles": ["drivers/net/wireless/silabs/wfx/sta.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.83", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.23", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.11", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.2", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/wireless/silabs/wfx/sta.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3"}, {"url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b"}, {"url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3"}, {"url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487"}, {"url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix memory leak when starting AP\n\nKmemleak reported this error:\n\n unreferenced object 0xd73d1180 (size 184):\n comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.245s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................\n backtrace:\n [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n [<127bdd74>] __alloc_skb+0x144/0x170\n [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n [<47bd8b68>] genl_rcv_msg+0x198/0x378\n [<453ef796>] netlink_rcv_skb+0xd0/0x130\n [<6b7c977a>] genl_rcv+0x34/0x44\n [<66b2d04d>] netlink_unicast+0x1b4/0x258\n [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n [<69954f45>] __sys_sendmsg+0x64/0xa8\n unreferenced object 0xce087000 (size 1024):\n comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.246s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............\n backtrace:\n [<9a993714>] __kmalloc_track_caller+0x230/0x600\n [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74\n [<a2c61343>] __alloc_skb+0xa0/0x170\n [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n [<47bd8b68>] genl_rcv_msg+0x198/0x378\n [<453ef796>] netlink_rcv_skb+0xd0/0x130\n [<6b7c977a>] genl_rcv+0x34/0x44\n [<66b2d04d>] netlink_unicast+0x1b4/0x258\n [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.83", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.23", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.11", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.2", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "5.10"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:06:31.074Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26896", "state": "PUBLISHED", "dateUpdated": "2026-05-11T20:06:31.074Z", "dateReserved": "2024-02-19T14:20:24.186Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-17T10:27:47.214Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4D76A9A-5B9B-4BBE-AF0B-2D358C8DDB1A", "versionEndExcluding": "6.1.83", "versionStartIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68", "versionEndExcluding": "6.6.23", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD", "versionEndExcluding": "6.7.11", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1", "versionEndExcluding": "6.8.2", "versionStartIncluding": "6.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wfx: fix memory leak when starting AP\n\nKmemleak reported this error:\n\n unreferenced object 0xd73d1180 (size 184):\n comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.245s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................\n backtrace:\n [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n [<127bdd74>] __alloc_skb+0x144/0x170\n [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n [<47bd8b68>] genl_rcv_msg+0x198/0x378\n [<453ef796>] netlink_rcv_skb+0xd0/0x130\n [<6b7c977a>] genl_rcv+0x34/0x44\n [<66b2d04d>] netlink_unicast+0x1b4/0x258\n [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n [<69954f45>] __sys_sendmsg+0x64/0xa8\n unreferenced object 0xce087000 (size 1024):\n comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.246s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............\n backtrace:\n [<9a993714>] __kmalloc_track_caller+0x230/0x600\n [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74\n [<a2c61343>] __alloc_skb+0xa0/0x170\n [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n [<47bd8b68>] genl_rcv_msg+0x198/0x378\n [<453ef796>] netlink_rcv_skb+0xd0/0x130\n [<6b7c977a>] genl_rcv+0x34/0x44\n [<66b2d04d>] netlink_unicast+0x1b4/0x258\n [<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n [<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n [<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: wfx: corrige la p\u00e9rdida de memoria al iniciar AP Kmemleak inform\u00f3 este error: objeto sin referencia 0xd73d1180 (tama\u00f1o 184): comm \"wpa_supplicant\", pid 1559, jiffies 13006305 (edad 964.245 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ rastreo inverso: [&lt;5ca11420&gt;] kmem_cache_alloc+0x20c/0x5ac [&lt;127bdd74&gt;] __alloc_skb+0x144/0x170 [] __netdev_alloc_skb +0x50/0x180 [&lt;0f9fa1d5&gt;] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [&lt;7accd02d&gt;] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [&lt;41e25cc3&gt;] 8/0x234 [wfx] [&lt;93a70356&gt;] ieee80211_start_ap+ 0x404/0x6b4 [mac80211] [] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [&lt;47bd8b68&gt;] genl_rcv_msg+0x198/0x378 [&lt;453ef796&gt;] 130 [&lt;6b7c977a&gt;] genl_rcv+0x34/0x44 [ &lt;66b2d04d&gt;] netlink_unicast+0x1b4/0x258 [] netlink_sendmsg+0x1e8/0x428 [] ____sys_sendmsg+0x1e0/0x274 [] b4 [&lt;69954f45&gt;] __sys_sendmsg+0x64/0xa8 sin referencia Objeto 0xCE087000 (tama\u00f1o 1024): Comm \"WPA_Supplicant\", PID 1559, Jiffies 13006305 (Edad 964.246s) Volcado hexagonal (Primero 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ... ............ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ retroceso: [&lt;9a993714&gt; ] __kmalloc_track_caller+0x230/0x600 [] kmalloc_reserve.constprop.0+0x30/0x74 [] __alloc_skb+0xa0/0x170 [] __netdev_alloc_skb+0x50/0x180 9fa1d5&gt;] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [&lt;7accd02d&gt;] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [&lt;41e25cc3&gt;] wfx_start_ap+0xc8/0x234 [wfx] [&lt;93a70356&gt;] ieee80211_start_ap+0x404/0x6b4 [ mac80211] [] nl80211_start_ap+0x76c /0x9e0 [cfg80211] [&lt;47bd8b68&gt;] genl_rcv_msg+0x198/0x378 [&lt;453ef796&gt;] netlink_rcv_skb+0xd0/0x130 [&lt;6b7c977a&gt;] genl_rcv+0x34/0x44 [&lt;66b2d04d&gt;] x1b4/0x258 [] netlink_sendmsg+0x1e8/0x428 [] ____sys_sendmsg+0x1e0/0x274 [] ___sys_sendmsg+0x80/0xb4 Sin embargo, dado que el kernel est\u00e1 optimizado, parece que la pila no es precisa. Parece que el problema est\u00e1 relacionado con wfx_set_mfp_ap(). El problema es obvio en esta funci\u00f3n: la memoria asignada por ieee80211_beacon_get() nunca se libera. Arreglar esta fuga hace feliz a kmemleak."}], "id": "CVE-2024-26896", "lastModified": "2025-03-21T14:45:40.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-17T11:15:10.727", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/12f00a367b2b62756e0396f14b54c2c15524e1c3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3a71ec74e5e3478d202a1874f085ca3ef40be49b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a1f57a0127b89a6b6620514564aa7eaec16d9af3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b8cfb7c819dd39965136a66fe3a7fde688d976fc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dadbb5d29d6c5f571a50272fce8c1505a9559487"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: wifi: wfx: fix memory leak when starting AP", "id": "2275657", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275657"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: wfx: fix memory leak when starting AP\nKmemleak reported this error:\nunreferenced object 0xd73d1180 (size 184):\ncomm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.245s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................\nbacktrace:\n[<5ca11420>] kmem_cache_alloc+0x20c/0x5ac\n[<127bdd74>] __alloc_skb+0x144/0x170\n[<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n[<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n[<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n[<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n[<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n[<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n[<47bd8b68>] genl_rcv_msg+0x198/0x378\n[<453ef796>] netlink_rcv_skb+0xd0/0x130\n[<6b7c977a>] genl_rcv+0x34/0x44\n[<66b2d04d>] netlink_unicast+0x1b4/0x258\n[<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n[<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n[<d2b5212d>] ___sys_sendmsg+0x80/0xb4\n[<69954f45>] __sys_sendmsg+0x64/0xa8\nunreferenced object 0xce087000 (size 1024):\ncomm \"wpa_supplicant\", pid 1559, jiffies 13006305 (age 964.246s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............\nbacktrace:\n[<9a993714>] __kmalloc_track_caller+0x230/0x600\n[<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74\n[<a2c61343>] __alloc_skb+0xa0/0x170\n[<fb8a5e38>] __netdev_alloc_skb+0x50/0x180\n[<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211]\n[<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211]\n[<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx]\n[<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211]\n[<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211]\n[<47bd8b68>] genl_rcv_msg+0x198/0x378\n[<453ef796>] netlink_rcv_skb+0xd0/0x130\n[<6b7c977a>] genl_rcv+0x34/0x44\n[<66b2d04d>] netlink_unicast+0x1b4/0x258\n[<f965b9b6>] netlink_sendmsg+0x1e8/0x428\n[<aadb8231>] ____sys_sendmsg+0x1e0/0x274\n[<d2b5212d>] ___sys_sendmsg+0x80/0xb4\nHowever, since the kernel is build optimized, it seems the stack is not\naccurate. It appears the issue is related to wfx_set_mfp_ap(). The issue\nis obvious in this function: memory allocated by ieee80211_beacon_get()\nis never released. Fixing this leak makes kmemleak happy."], "name": "CVE-2024-26896", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26896\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26896\nhttps://lore.kernel.org/linux-cve-announce/2024041744-CVE-2024-26896-79fe@gregkh/T"], "threat_severity": "Low"}

{}