CVE-2024-50235: wifi: cfg80211: clear wdev->cqm_config pointer on free

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: clear wdev->cqm_config pointer on free

When we free wdev->cqm_config when unregistering, we also
need to clear out the pointer since the same wdev/netdev
may get re-registered in another network namespace, then
destroyed later, running this code again, which results in
a double-free.
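
The lifecycle described above, as an added example that is not kernel code and not part of the original advisory. It is a simplified user-space model: the function names, the static pool and the counter are assumptions made for illustration, and the pool makes a repeated free observable instead of undefined behaviour.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model: field names follow the description, everything else is hypothetical. */
struct cqm_config { int live; };
struct wdev { struct cqm_config *cqm_config; };

static struct cqm_config pool[4];  /* static pool: a second free is counted, never UB */
static int double_frees;

static struct cqm_config *cfg_alloc(void) {
    for (size_t i = 0; i < sizeof(pool) / sizeof(pool[0]); i++)
        if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
    return NULL;
}

static void cfg_free(struct cqm_config *c) {
    if (!c) return;                            /* freeing NULL is a no-op, as with kfree() */
    if (!c->live) { double_frees++; return; }  /* object was already released */
    c->live = 0;
}

/* Before the fix: the pointer is left dangling after the free. */
static void unregister_vulnerable(struct wdev *w) { cfg_free(w->cqm_config); }

/* After the fix: the pointer is cleared, so a second pass frees nothing. */
static void unregister_fixed(struct wdev *w) {
    cfg_free(w->cqm_config);
    w->cqm_config = NULL;
}

/* Unregister, re-register in another namespace, destroy; returns the double-free count. */
static int run_lifecycle(void (*unregister)(struct wdev *)) {
    struct wdev w = { .cqm_config = cfg_alloc() };
    double_frees = 0;
    unregister(&w);  /* first unregistration */
    /* re-registration in the new namespace keeps the same wdev, stale pointer included */
    unregister(&w);  /* later destruction runs the same code again */
    return double_frees;
}

int main(void) {
    printf("vulnerable: %d double free(s)\n", run_lifecycle(unregister_vulnerable));
    printf("fixed:      %d double free(s)\n", run_lifecycle(unregister_fixed));
    return 0;
}
```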

Classification

CVE ID: CVE-2024-50235

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 5.49% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-02 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-50235
https://git.kernel.org/stable/c/ba392e1355ba74b1d4fa11b85f71ab6ed7ecc058
https://git.kernel.org/stable/c/6c44abb2d4c3262737d5d67832daebc8cf48b8c9
https://git.kernel.org/stable/c/64e4c45d23cd7f6167f69cc2d2877bc7f54292e5
https://git.kernel.org/stable/c/d5fee261dfd9e17b08b1df8471ac5d5736070917

Timeline