What is CVE-2024-43841?

CVE-2024-43841 is a Low severity Linux kernel vulnerability with a CVSS score of 3.3 out of 10. CVE-2024-43841 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2024-43841?

CVE-2024-43841 has a CVSS score of 3.3 out of 10, rated Low severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Is there a patch available for CVE-2024-43841?

No patch is currently available for CVE-2024-43841. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2024-43841 actively exploited?

CVE-2024-43841 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2024-43841

Low

In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning. Fixed it by checking the SSID (from user space) in the connection code.

Package Linux Kernel

Published 2024-08-17

Last modified 2025-11-03

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

3.3

out of 10

Low

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

The following references provide additional information about CVE-2024-43841 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Debian Security
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
Debian Security
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Kernel patch commit
https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414
Patch
Kernel patch commit
https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29
Patch
Kernel patch commit
https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d
Patch

7 patch commits total View all on NVD

Details

CVE ID CVE-2024-43841

Severity Low

CVSS score 3.3 / 10

CVSS version 3.1

Published 2024-08-17

Modified 2025-11-03

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2024-43841?

CVE-2024-43841 is a Low severity Linux kernel vulnerability with a CVSS score of 3.3 out of 10 . CVE-2024-43841 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2024-43841?

CVE-2024-43841 has a CVSS score of 3.3 out of 10, rated Low severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.
Is there a patch available for CVE-2024-43841?

No patch is currently available for CVE-2024-43841. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2024-43841 actively exploited?

No — CVE-2024-43841 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.