CVE-2024-35913: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF When we want to know whether we should look for the mac_id or the link_id in struct iwl_mvm_session_prot_notif, we should look at the version of SESSION_PROTECTION_NOTIF. This causes WARNINGs: WARNING: CPU: 0 PID: 11403 at drivers/net/wireless/intel/iwlwifi/mvm/time-event.c:959 iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] RIP: 0010:iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] Code: 00 49 c7 84 24 48 07 00 00 00 00 00 00 41 c6 84 24 78 07 00 00 ff 4c 89 f7 e8 e9 71 54 d9 e9 7d fd ff ff 0f 0b e9 23 fe ff ff <0f> 0b e9 1c fe ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffb4bb00003d40 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff9ae63a361000 RCX: ffff9ae4a98b60d4 RDX: ffff9ae4588499c0 RSI: 0000000000000305 RDI: ffff9ae4a98b6358 RBP: ffffb4bb00003d68 R08: 0000000000000003 R09: 0000000000000010 R10: ffffb4bb00003d00 R11: 000000000000000f R12: ffff9ae441399050 R13: ffff9ae4761329e8 R14: 0000000000000001 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff9ae7af400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055fb75680018 CR3: 00000003dae32006 CR4: 0000000000f70ef0 PKRU: 55555554 Call Trace: <IRQ> ? show_regs+0x69/0x80 ? __warn+0x8d/0x150 ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] ? report_bug+0x196/0x1c0 ? handle_bug+0x45/0x80 ? exc_invalid_op+0x1c/0xb0 ? asm_exc_invalid_op+0x1f/0x30 ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] iwl_mvm_rx_common+0x115/0x340 [iwlmvm] iwl_mvm_rx_mq+0xa6/0x100 [iwlmvm] iwl_pcie_rx_handle+0x263/0xa10 [iwlwifi] iwl_pcie_napi_poll_msix+0x32/0xd0 [iwlwifi]
AI Analysis
Technical Summary
CVE-2024-35913 is a medium-severity vulnerability identified in the Linux kernel's Intel wireless driver stack, specifically within the iwlwifi module's mvm (mac80211-based) component. The vulnerability arises from improper handling of the SESSION_PROTECTION_NOTIF structure versioning in the driver code. The issue is that when processing session protection notifications, the driver incorrectly determines whether to reference the mac_id or the link_id field within the struct iwl_mvm_session_prot_notif, based solely on the version of SESSION_PROTECTION_NOTIF. This logic flaw leads to kernel warnings and ultimately triggers invalid operation exceptions (invalid opcode exceptions) causing kernel crashes or system instability. The provided kernel warning logs illustrate the failure point in the function iwl_mvm_rx_session_protect_notif, which is responsible for handling these notifications. The crash occurs due to dereferencing incorrect or uninitialized pointers, leading to a denial of service (DoS) condition by crashing the kernel or causing a system panic. The vulnerability requires local privileges with low privileges (PR:L) and high attack complexity (AC:H), meaning an attacker must have some level of access to the system and the ability to trigger specific wireless driver events. No user interaction is required (UI:N). The impact is limited to availability (A:H), with no confidentiality or integrity impact. The vulnerability affects specific Linux kernel versions identified by commit hashes, and no known exploits are currently reported in the wild. This flaw is relevant for systems running Intel wireless chipsets using the iwlwifi driver on Linux kernels containing the affected commits. The vulnerability was published on May 19, 2024, and has a CVSS v3.1 score of 4.7, categorized as medium severity.
Potential Impact
For European organizations, the primary impact of CVE-2024-35913 is the potential for denial of service on Linux systems using Intel wireless chipsets with the vulnerable iwlwifi driver. This could lead to unexpected system crashes or reboots, disrupting business operations, especially in environments relying heavily on wireless connectivity such as corporate laptops, IoT devices, or wireless infrastructure components running Linux. Critical infrastructure sectors, including finance, healthcare, and manufacturing, which often deploy Linux-based systems with Intel wireless hardware, may experience operational interruptions. While the vulnerability does not expose data confidentiality or integrity, the availability impact could affect productivity and service continuity. Organizations with remote or mobile workforces using affected Linux laptops or embedded devices may face increased risk of wireless connectivity loss or system instability. Since exploitation requires local access and some technical skill, the threat is more relevant to insider threats or attackers who have already gained limited system access. The absence of known exploits in the wild reduces immediate risk but does not eliminate the need for timely remediation.
Mitigation Recommendations
1. Apply Kernel Updates: Organizations should promptly update Linux kernels to versions that include the patch resolving CVE-2024-35913. Monitor vendor advisories and Linux kernel mailing lists for patched releases. 2. Limit Local Access: Restrict local user privileges and access to systems running vulnerable kernels to reduce the risk of exploitation by unprivileged users. 3. Wireless Driver Hardening: Disable or restrict the use of Intel wireless drivers on systems where wireless connectivity is not required or can be replaced with alternative hardware. 4. Monitoring and Logging: Implement enhanced monitoring of kernel logs and wireless driver messages to detect warning signs or crashes related to iwlwifi. 5. Incident Response Preparedness: Prepare for potential denial of service incidents by ensuring rapid recovery mechanisms such as automated reboots, failover wireless connectivity, or system snapshots. 6. Network Segmentation: Isolate critical Linux systems with wireless capabilities from untrusted networks to minimize exposure. 7. Vendor Coordination: Engage with hardware and Linux distribution vendors to confirm patch availability and deployment timelines. These steps go beyond generic advice by focusing on controlling local access, monitoring specific driver behavior, and preparing operational continuity plans tailored to wireless driver vulnerabilities.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
CVE-2024-35913: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF When we want to know whether we should look for the mac_id or the link_id in struct iwl_mvm_session_prot_notif, we should look at the version of SESSION_PROTECTION_NOTIF. This causes WARNINGs: WARNING: CPU: 0 PID: 11403 at drivers/net/wireless/intel/iwlwifi/mvm/time-event.c:959 iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] RIP: 0010:iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] Code: 00 49 c7 84 24 48 07 00 00 00 00 00 00 41 c6 84 24 78 07 00 00 ff 4c 89 f7 e8 e9 71 54 d9 e9 7d fd ff ff 0f 0b e9 23 fe ff ff <0f> 0b e9 1c fe ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffb4bb00003d40 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff9ae63a361000 RCX: ffff9ae4a98b60d4 RDX: ffff9ae4588499c0 RSI: 0000000000000305 RDI: ffff9ae4a98b6358 RBP: ffffb4bb00003d68 R08: 0000000000000003 R09: 0000000000000010 R10: ffffb4bb00003d00 R11: 000000000000000f R12: ffff9ae441399050 R13: ffff9ae4761329e8 R14: 0000000000000001 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff9ae7af400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055fb75680018 CR3: 00000003dae32006 CR4: 0000000000f70ef0 PKRU: 55555554 Call Trace: <IRQ> ? show_regs+0x69/0x80 ? __warn+0x8d/0x150 ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] ? report_bug+0x196/0x1c0 ? handle_bug+0x45/0x80 ? exc_invalid_op+0x1c/0xb0 ? asm_exc_invalid_op+0x1f/0x30 ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] iwl_mvm_rx_common+0x115/0x340 [iwlmvm] iwl_mvm_rx_mq+0xa6/0x100 [iwlmvm] iwl_pcie_rx_handle+0x263/0xa10 [iwlwifi] iwl_pcie_napi_poll_msix+0x32/0xd0 [iwlwifi]
AI-Powered Analysis
Technical Analysis
CVE-2024-35913 is a medium-severity vulnerability identified in the Linux kernel's Intel wireless driver stack, specifically within the iwlwifi module's mvm (mac80211-based) component. The vulnerability arises from improper handling of the SESSION_PROTECTION_NOTIF structure versioning in the driver code. The issue is that when processing session protection notifications, the driver incorrectly determines whether to reference the mac_id or the link_id field within the struct iwl_mvm_session_prot_notif, based solely on the version of SESSION_PROTECTION_NOTIF. This logic flaw leads to kernel warnings and ultimately triggers invalid operation exceptions (invalid opcode exceptions) causing kernel crashes or system instability. The provided kernel warning logs illustrate the failure point in the function iwl_mvm_rx_session_protect_notif, which is responsible for handling these notifications. The crash occurs due to dereferencing incorrect or uninitialized pointers, leading to a denial of service (DoS) condition by crashing the kernel or causing a system panic. The vulnerability requires local privileges with low privileges (PR:L) and high attack complexity (AC:H), meaning an attacker must have some level of access to the system and the ability to trigger specific wireless driver events. No user interaction is required (UI:N). The impact is limited to availability (A:H), with no confidentiality or integrity impact. The vulnerability affects specific Linux kernel versions identified by commit hashes, and no known exploits are currently reported in the wild. This flaw is relevant for systems running Intel wireless chipsets using the iwlwifi driver on Linux kernels containing the affected commits. The vulnerability was published on May 19, 2024, and has a CVSS v3.1 score of 4.7, categorized as medium severity.
Potential Impact
For European organizations, the primary impact of CVE-2024-35913 is the potential for denial of service on Linux systems using Intel wireless chipsets with the vulnerable iwlwifi driver. This could lead to unexpected system crashes or reboots, disrupting business operations, especially in environments relying heavily on wireless connectivity such as corporate laptops, IoT devices, or wireless infrastructure components running Linux. Critical infrastructure sectors, including finance, healthcare, and manufacturing, which often deploy Linux-based systems with Intel wireless hardware, may experience operational interruptions. While the vulnerability does not expose data confidentiality or integrity, the availability impact could affect productivity and service continuity. Organizations with remote or mobile workforces using affected Linux laptops or embedded devices may face increased risk of wireless connectivity loss or system instability. Since exploitation requires local access and some technical skill, the threat is more relevant to insider threats or attackers who have already gained limited system access. The absence of known exploits in the wild reduces immediate risk but does not eliminate the need for timely remediation.
Mitigation Recommendations
1. Apply Kernel Updates: Organizations should promptly update Linux kernels to versions that include the patch resolving CVE-2024-35913. Monitor vendor advisories and Linux kernel mailing lists for patched releases. 2. Limit Local Access: Restrict local user privileges and access to systems running vulnerable kernels to reduce the risk of exploitation by unprivileged users. 3. Wireless Driver Hardening: Disable or restrict the use of Intel wireless drivers on systems where wireless connectivity is not required or can be replaced with alternative hardware. 4. Monitoring and Logging: Implement enhanced monitoring of kernel logs and wireless driver messages to detect warning signs or crashes related to iwlwifi. 5. Incident Response Preparedness: Prepare for potential denial of service incidents by ensuring rapid recovery mechanisms such as automated reboots, failover wireless connectivity, or system snapshots. 6. Network Segmentation: Isolate critical Linux systems with wireless capabilities from untrusted networks to minimize exposure. 7. Vendor Coordination: Engage with hardware and Linux distribution vendors to confirm patch availability and deployment timelines. These steps go beyond generic advice by focusing on controlling local access, monitoring specific driver behavior, and preparing operational continuity plans tailored to wireless driver vulnerabilities.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-17T13:50:33.122Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9828c4522896dcbe2176
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 8:10:15 AM
Last updated: 8/11/2025, 12:52:37 PM
Views: 18
Related Threats
CVE-2025-8864: CWE-532 Insertion of Sensitive Information into Log File in YugabyteDB Inc YugabyteDB Anywhere
MediumCVE-2025-8851: Stack-based Buffer Overflow in LibTIFF
MediumCVE-2025-8863: CWE-319 Cleartext Transmission of Sensitive Information in YugabyteDB Inc YugabyteDB
HighCVE-2025-8847: Cross Site Scripting in yangzongzhuan RuoYi
MediumCVE-2025-8839: Improper Authorization in jshERP
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.