CVE-2024-42225
📋 TL;DR
This CVE addresses an information disclosure vulnerability in the Linux kernel's MediaTek MT76 WiFi driver. The vulnerability could allow attackers to read uninitialized kernel memory data from WiFi packets. Systems using affected MediaTek WiFi hardware with vulnerable kernel versions are at risk.
💻 Affected Systems
- Linux kernel with MediaTek MT76 WiFi driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive kernel memory contents, potentially exposing cryptographic keys, passwords, or other sensitive data that could lead to privilege escalation or further system compromise.
Likely Case
Information disclosure of kernel memory contents, which could be used for reconnaissance or combined with other vulnerabilities for more severe attacks.
If Mitigated
Minimal impact with proper network segmentation and kernel hardening, as the vulnerability requires local network access and specific hardware.
🎯 Exploit Status
Exploitation requires local network access to the WiFi interface and knowledge of the specific hardware/driver. No public exploits have been reported.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits: 22ea2a7f0b64d, 64f86337ccfe, 7f819a2f4fbc, dc7f14d00d0c, ff6b26be1303
Vendor Advisory: https://git.kernel.org/stable/c/22ea2a7f0b64d323625950414a4496520fb33657
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel.
3. Reboot system to load new kernel.
4. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable affected WiFi interface
Temporarily disable the MediaTek MT76 WiFi interface if not required
sudo ip link set wlan0 down
sudo nmcli radio wifi off
Use alternative network interface
Switch to wired Ethernet or different WiFi hardware if available
🧯 If You Can't Patch
- Implement strict network segmentation to isolate systems with vulnerable hardware
- Monitor network traffic for unusual patterns and implement intrusion detection
🔍 How to Verify
Check if Vulnerable:
Check if system uses MediaTek MT76 WiFi hardware: 'lspci | grep -i mediatek' or 'lsusb | grep -i mediatek'. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated to one containing the fix commits. Check driver version: 'modinfo mt76'
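The lspci/lsusb checks above show that MediaTek hardware is present, but not whether an interface is actually bound to an mt76-based driver. The following is an added example, not part of the original advisory or the kernel project, that answers that from /proc/modules and sysfs. It assumes the core module is named mt76 (as in the modinfo command above) and that drivers are built as modules; PROC_MODULES and SYS_NET are hypothetical override variables used only to run the logic on fixtures.

```shell
#!/bin/sh
# Added example: list interfaces bound to a driver that uses the mt76 core module.
# PROC_MODULES and SYS_NET are illustrative overrides for testing on fixtures.
PROC_MODULES="${PROC_MODULES:-/proc/modules}"
SYS_NET="${SYS_NET:-/sys/class/net}"

# Print mt76 and every loaded module that directly uses it.
# /proc/modules fields: name size refcount used-by state address
# used-by is "-" when empty, otherwise a comma-separated list with a trailing comma.
mt76_modules() {
    awk '$1 == "mt76" {
             print $1
             n = split($4, users, ",")
             for (i = 1; i <= n; i++)
                 if (users[i] != "" && users[i] != "-") print users[i]
         }' "$PROC_MODULES"
}

# Print "<iface> <module>" for each interface whose driver module appears in
# the mt76_modules list. Prints nothing if mt76 is not loaded.
mt76_interfaces() {
    mods=$(mt76_modules)
    [ -n "$mods" ] || return 0
    for dev in "$SYS_NET"/*; do
        link="$dev/device/driver/module"
        # Virtual interfaces (lo, bridges) and built-in drivers have no such link.
        [ -L "$link" ] || continue
        mod=$(basename "$(readlink "$link")")
        for m in $mods; do
            if [ "$m" = "$mod" ]; then
                echo "$(basename "$dev") $mod"
            fi
        done
    done
    return 0
}

# To report on the running system, call: mt76_interfaces
```

Empty output means no interface is currently bound to a module that uses mt76; it does not say whether the installed kernel contains the fix commits, which still has to be checked against the distribution's advisory.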
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing memory access errors
- Driver initialization failures
Network Indicators:
- Unusual WiFi packet patterns
- Excessive retransmissions on affected interfaces
SIEM Query:
source="kernel" AND ("mt76" OR "MediaTek") AND ("error" OR "warning" OR "panic")
🔗 References
- https://git.kernel.org/stable/c/22ea2a7f0b64d323625950414a4496520fb33657
- https://git.kernel.org/stable/c/64f86337ccfe77fe3be5a9356b0dabde23fbb074
- https://git.kernel.org/stable/c/7f819a2f4fbc510e088b49c79addcf1734503578
- https://git.kernel.org/stable/c/dc7f14d00d0c4c21898f3504607f4a31079065a2
- https://git.kernel.org/stable/c/ff6b26be13032c5fbd6b6a0b24358f8eaac4f3af
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html