CVE-2024-27410 in Linux
Summary
by MITRE • 05/17/2024
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: reject iftype change with mesh ID change
It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data in the wdev->u union for the interface type it currently has, causing cfg80211_change_iface() to do wrong things when switching.
We could probably allow setting an interface to mesh while setting the mesh ID at the same time by doing a different order of operations here, but realistically there's no userspace that's going to do this, so just disallow changes in iftype when setting mesh ID.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 12/17/2025
This vulnerability exists within the Linux kernel's wireless subsystem, specifically in the nl80211 interface management functionality. The issue stems from improper handling of interface type transitions when mesh ID changes occur simultaneously. The vulnerability is classified as a race condition and memory corruption issue that can lead to arbitrary code execution or system instability. It affects the cfg80211 subsystem which manages wireless device configuration and interface management across the kernel. The flaw demonstrates poor input validation and state management during interface type transitions, creating a path for malicious actors to exploit kernel memory structures through crafted wireless configuration commands.
The technical flaw manifests in the cfg80211_change_iface() function where the kernel fails to properly validate interface type transitions when mesh ID changes occur concurrently. The vulnerability specifically targets the wdev->u union structure which holds different interface type data depending on the current mode. When attempting to simultaneously change interface type to mesh mode and modify the mesh ID, the kernel overwrites data in the union structure before proper validation occurs. This leads to undefined behavior where the kernel operates on corrupted or inconsistent data, potentially causing memory corruption, privilege escalation, or denial of service conditions. The issue is categorized under CWE-121 as heap-based buffer overflow and CWE-129 as improper validation of array indices, with potential ATT&CK mappings to T1068 for bypassing security restrictions and T1547 for privilege escalation.
The operational impact of this vulnerability is significant for systems running Linux kernels with wireless capabilities, particularly those managing mesh networks or wireless infrastructure. Attackers could exploit this vulnerability through malicious wireless configuration commands sent to the kernel, potentially leading to privilege escalation from unprivileged users to root access. Systems with wireless mesh networking capabilities are particularly at risk as the vulnerability specifically targets mesh mode transitions. The exploitability is moderate to high as it requires wireless configuration privileges but can be executed without specialized hardware. The vulnerability could affect enterprise wireless networks, IoT devices, and any system where wireless interfaces are managed through the kernel's cfg80211 subsystem.
Mitigation strategies should focus on immediate kernel updates from vendors such as Red Hat, Ubuntu, and Debian, which have released patches addressing this specific vulnerability. System administrators should implement wireless access controls to limit configuration privileges and monitor for unusual wireless interface changes. Network segmentation and privilege separation can help contain potential exploitation attempts. The fix implemented by the kernel maintainers involves adding proper validation to reject interface type changes when mesh ID modifications occur simultaneously, preventing the union data corruption that leads to the vulnerability. Additional security measures include disabling unnecessary wireless interfaces, implementing wireless intrusion detection systems, and conducting regular security audits of wireless network configurations. Organizations should also consider deploying kernel hardening measures such as stack canaries, address space layout randomization, and kernel module signing to further reduce exploitability.