← back
CVE-2024-27434

wifi: iwlwifi: mvm: don't set the MFP flag for the GTK

EPSS 0.2%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 May 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK with cipher = TKIP and MFP which is of course not possible.
Affected products
Linux · Linux