What is CVE-2024-26693?

CVE-2024-26693 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2024-26693 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-26693?

CVE-2024-26693 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2024-26693?

No patch is currently available for CVE-2024-26693. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-26693 actively exploited?

CVE-2024-26693 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-26693

Medium

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix a crash when we run out of stations A DoS tool that injects loads of authentication frames made our AP crash. The iwl_mvm_is_dup() function couldn't find the per-queue dup_data which was not allocated. The root cause for that is that we ran out of stations in the firmware and we didn't really add the station to the firmware, yet we didn't return an error to mac80211. Mac80211 was thinking that we have the station and because of that, sta_info::uploaded was set to 1. This allowed ieee80211_find_sta_by_ifaddr() to return a valid station object, but that ieee80211_sta didn't have any iwl_mvm_sta object initialized and that caused the crash mentioned earlier when we got Rx on that station.

Package Linux Kernel

Published 2024-04-03

Last modified 2025-03-17

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

The following references provide additional information about CVE-2024-26693 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/00f4eb31b8193f6070ce24df636883f9c104ca95
Patch
Kernel patch commit
https://git.kernel.org/stable/c/b7198383ef2debe748118996f627452281cf27d7
Patch
Kernel patch commit
https://git.kernel.org/stable/c/c12f0f4d4caf23b1bfdc2602b6b70d56bdcd6aa7
Patch

Details

CVE ID CVE-2024-26693

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-04-03

Modified 2025-03-17

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-26693?

CVE-2024-26693 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2024-26693 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-26693?

CVE-2024-26693 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2024-26693?

No patch is currently available for CVE-2024-26693. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-26693 actively exploited?

No — CVE-2024-26693 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.