CVE-2024-27434

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27434
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27434.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-27434
Downstream
Related
Published
2024-05-17T13:15:58Z
Modified
2025-09-26T16:21:35Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: don't set the MFP flag for the GTK

The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK with cipher = TKIP and MFP which is of course not possible.

References

Affected packages