{
  "threat_severity" : "Moderate",
  "public_date" : "2024-07-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband",
    "id" : "2301490",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2301490"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband\nWe have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz\nsband will be NULL even if it is WiFi 7 chip. So, add NULL handling here\nto avoid crash.", "A vulnerability was found in the Linux kernel's rtw89 driver function rtw89_scan_get_6g_disabled_chan() caused by its handling of 6 GHz band channels during scans. A lack of proper sband checks can lead to a situation where the sband is not available due to device limitations/restrictions set by the BIOS and this leads to a NULL pointer dereference. This can lead to system instability or crashes." ],
  "statement" : "Red Hat Enterprise Linux 8 is not affected by this vulnerability as the commit which introduced this vulnerability is not present in the specific versions or configurations of the Linux kernel used in its distributions.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-42125\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42125\nhttps://lore.kernel.org/linux-cve-announce/2024073026-CVE-2024-42125-b515@gregkh/T" ],
  "name" : "CVE-2024-42125",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}