CVE-2024-43879 Affecting kernel-syms package, versions <6.4.0-150600.23.22.1
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES156-KERNELSYMS-8081408
- published 24 Sep 2024
- disclosed 23 Sep 2024
Introduced: 23 Sep 2024
CVE-2024-43879 Open this link in a new tabHow to fix?
Upgrade SLES:15.6 kernel-syms to version 6.4.0-150600.23.22.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-syms package and not the kernel-syms package as distributed by SLES.
See How to fix? for SLES:15.6 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning:
kernel: invalid HE MCS: bw:6, ru:6 kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211]
Fix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth.
References
- https://www.suse.com/security/cve/CVE-2024-43879.html
- https://bugzilla.suse.com/1229482
- https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27
- https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd
- https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f
- https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9
- https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086
- https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142
- https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d
- https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6