CVE-2024-27434

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-27434

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27434.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-27434

Downstream

BELL-CVE-2024-27434

DEBIAN-CVE-2024-27434

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024:5363

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-27434

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

Related

Published

2024-05-17T13:15:58Z

Modified

2025-09-26T16:21:35Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: don't set the MFP flag for the GTK

The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK with cipher = TKIP and MFP which is of course not possible.

References

Affected packages