CVE-2024-36921
📋 TL;DR
This CVE addresses an out-of-bounds array access vulnerability in the Linux kernel's iwlwifi driver when handling invalid station IDs during station removal. Attackers could potentially exploit this to cause kernel crashes or execute arbitrary code. Systems using affected Intel WiFi hardware with vulnerable kernel versions are impacted.
💻 Affected Systems
- Linux kernel with iwlwifi driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to denial of service, or potential arbitrary code execution with kernel privileges resulting in complete system compromise.
Likely Case
System crash or instability when the driver enters an error state, causing denial of service on affected systems.
If Mitigated
Minor system instability or crash requiring reboot, with no privilege escalation if proper kernel protections are active.
🎯 Exploit Status
Exploitation requires triggering specific error conditions in the driver to reach the vulnerable code path with invalid station IDs.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 17f64517bf5c26af56b6c3566273aad6646c3c4f, 94f80a8ec15e238b78521f20f8afaed60521a294, fab21d220017daa5fd8a3d788ff25ccfecfaae2f
Vendor Advisory: https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Rebuild kernel if compiling from source. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable vulnerable WiFi hardware
linuxTemporarily disable Intel WiFi hardware using the iwlwifi driver
sudo modprobe -r iwlwifi
Use alternative network interface
linuxSwitch to wired Ethernet or different WiFi adapter not using iwlwifi driver
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable kernels
- Implement strict process isolation and limit driver interaction capabilities
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if iwlwifi module is loaded: lsmod | grep iwlwifi && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits or is newer than patched versions📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- iwlwifi driver error logs in dmesg
- System crash reports
Network Indicators:
- Unexpected WiFi disconnections
- Network interface failures
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "iwlwifi")🔗 References
- https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f
- https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294
- https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f
- https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f
- https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294
- https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f
