CVE-2024-49938

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-49938

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49938.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-49938

Downstream

BELL-CVE-2024-49938

DEBIAN-CVE-2024-49938

DLA-4008-1

DLA-4075-1

OESA-2024-2518

OESA-2024-2519

OESA-2024-2521

OESA-2025-1078

RHSA-2025:6966

SUSE-SU-2024:3984-1

SUSE-SU-2024:3986-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4367-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:0035-1

openSUSE-SU-2024:14500-1

openSUSE-SU-2025:14705-1

Related

Published

2024-10-21T18:15:15Z

Modified

2025-08-09T19:01:28Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9khtc: Use _skbsetlength() for resetting urb before resubmit

Syzbot points out that skbtrim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly just to reset the length to zero before resubmitting, so switch to calling _skbsetlength(skb, 0) directly. In addition, _skbsetlength() already contains a call to skbresettailpointer(), so remove the redundant call.

The syzbot report came from ath9khifusbregincb(), but there's a similar usage of skbtrim() in ath9khifusbrxcb(), change both while we're at it.

References

Affected packages