{
  "threat_severity" : "Moderate",
  "public_date" : "2024-04-03T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: wifi: iwlwifi: mvm: fix a crash when we run out of stations",
    "id" : "2273094",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2273094"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-99",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: iwlwifi: mvm: fix a crash when we run out of stations\nA DoS tool that injects loads of authentication frames made our AP\ncrash. The iwl_mvm_is_dup() function couldn't find the per-queue\ndup_data which was not allocated.\nThe root cause for that is that we ran out of stations in the firmware\nand we didn't really add the station to the firmware, yet we didn't\nreturn an error to mac80211.\nMac80211 was thinking that we have the station and because of that,\nsta_info::uploaded was set to 1. This allowed\nieee80211_find_sta_by_ifaddr() to return a valid station object, but\nthat ieee80211_sta didn't have any iwl_mvm_sta object initialized and\nthat caused the crash mentioned earlier when we got Rx on that station.", "A vulnerability was found in the Linux kernel's iwlwifi driver, which can result in a crash due to improper handling of station data (STA) when the system runs out of available stations in the firmware. This could lead to a denial of service (Dos) which crashes the Access Point (AP)." ],
  "statement" : "Red Hat Enterprise Linux 8 and 9 are not affected by this vulnerability.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-06-05T00:00:00Z",
    "advisory" : "RHSA-2024:3627",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-06-05T00:00:00Z",
    "advisory" : "RHSA-2024:3618",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.5.1.el8_10"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-26693\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26693\nhttps://lore.kernel.org/linux-cve-announce/2024040337-CVE-2024-26693-9c3b@gregkh/T" ],
  "name" : "CVE-2024-26693",
  "csaw" : false
}