CVE-2024-49929 in Linux

Summary

by MITRE • 10/21/2024

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: avoid NULL pointer dereference

iwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() verify that the mvmsta pointer is not NULL. It retrieves this pointer using iwl_mvm_sta_from_mac80211, which is dereferencing the ieee80211_sta pointer. If sta is NULL, iwl_mvm_sta_from_mac80211 will dereference a NULL pointer. Fix this by checking the sta pointer before retrieving the mvmsta from it. If sta is not NULL, then mvmsta isn't either.


Analysis

by VulDB Data Team • 03/17/2026

The vulnerability CVE-2024-49929 represents a critical NULL pointer dereference flaw within the iwlwifi wireless driver component of the Linux kernel. This issue specifically affects the iwl_mvm_tx_skb_sta() and iwl_mvm_tx_mpdu() functions, which handle wireless packet transmission operations. The flaw stems from improper validation of the ieee80211_sta pointer before attempting to dereference it to obtain the mvmsta structure. When a wireless station pointer becomes NULL during transmission operations, the iwl_mvm_sta_from_mac80211 helper function attempts to dereference this NULL pointer, leading to immediate system crash or potential privilege escalation.

The technical implementation of this vulnerability demonstrates a classic defensive programming error where the code assumes the existence of valid data structures without proper validation. The iwlwifi driver's transmission path relies on the ieee80211_sta pointer to locate the corresponding mvmsta structure through the iwl_mvm_sta_from_mac80211 function call. When the wireless station context is prematurely destroyed or becomes invalid during active transmission, the function attempts to dereference a NULL pointer, causing kernel oops or system panic. This type of vulnerability falls under CWE-476, which specifically addresses NULL pointer dereference conditions in software development practices. The flaw represents a failure in input validation and defensive programming principles that are fundamental to kernel security.

The operational impact of CVE-2024-49929 extends beyond simple system crashes to potentially enable denial of service attacks against wireless connectivity. An attacker could exploit this vulnerability by manipulating wireless station contexts to force the kernel into attempting NULL pointer dereference operations during active wireless transmission. The vulnerability affects systems running Linux kernels with the iwlwifi driver, particularly those supporting Intel wireless hardware such as the iwlwifi-9000 series and related chipsets. This flaw could be particularly dangerous in environments where wireless connectivity is critical, such as enterprise networks, industrial IoT deployments, or mobile computing scenarios where wireless transmission stability is paramount. The attack surface includes any system where wireless packets are actively transmitted through the affected driver components.

Mitigation strategies for CVE-2024-49929 should prioritize immediate kernel updates to versions containing the patched implementation. The fix involves implementing proper NULL pointer validation before calling iwl_mvm_sta_from_mac80211 function, ensuring that the ieee80211_sta pointer is validated before attempting to dereference it. This approach aligns with the principle of defensive programming and follows ATT&CK technique T1499.004 which addresses defensive evasion through proper input validation. System administrators should also implement monitoring for wireless driver crashes and unusual network behavior that might indicate exploitation attempts. Additional protective measures include restricting wireless network access to trusted users, implementing proper kernel hardening configurations, and ensuring regular security updates are deployed across all wireless-enabled systems. The vulnerability serves as a reminder of the critical importance of proper pointer validation in kernel-space code, particularly in wireless driver implementations where the attack surface is inherently exposed to external network conditions and potential malicious interference.
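The ordering described above (check sta first, then retrieve mvmsta) can be shown with a small userspace model; this is an added example, not code from the kernel or from the patch. The `model_*` types and functions are hypothetical, and the layout (private state in a trailing `drv_priv` area reached by address arithmetic from sta) is a simplifying assumption: under it, a NULL test on the derived pointer still passes when sta is NULL.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified userspace model (assumption): driver-private state sits in a
 * trailing drv_priv area of the station object, after other fields. */
struct model_sta {
    unsigned char addr[6];
    _Alignas(void *) unsigned char drv_priv[16];
};

struct model_mvm_sta { int sta_id; };   /* hypothetical private state */

/* Address a "container to private area" helper yields for sta. Integer
 * arithmetic is used so the model itself never touches invalid memory. */
static uintptr_t model_priv_addr(const struct model_sta *sta)
{
    return (uintptr_t)sta + offsetof(struct model_sta, drv_priv);
}

/* Pre-fix ordering: derive the private pointer, then NULL-check it.
 * Returns 1 when that check would accept the station. */
static int check_derived_only(const struct model_sta *sta)
{
    return model_priv_addr(sta) != 0;   /* still nonzero for sta == NULL */
}

/* Fixed ordering: validate sta before deriving anything from it. */
static int tx_checked(const struct model_sta *sta, int *sta_id)
{
    struct model_mvm_sta mvmsta;

    if (!sta)
        return -1;                      /* drop the frame, no dereference */
    memcpy(&mvmsta, sta->drv_priv, sizeof(mvmsta));
    *sta_id = mvmsta.sta_id;
    return 0;
}

int main(void)
{
    struct model_sta sta = { .addr = {2, 0, 0, 0, 0, 1} };   /* constructed */
    struct model_mvm_sta priv = { .sta_id = 7 };
    int id = -1;

    memcpy(sta.drv_priv, &priv, sizeof(priv));
    /* Exit status 0 when both orderings behave as described above. */
    return !(check_derived_only(NULL) == 1 && tx_checked(NULL, &id) == -1 &&
             tx_checked(&sta, &id) == 0 && id == 7);
}
```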

Responsible: Linux
Reservation: 10/21/2024
Disclosure: 10/21/2024
Moderation: accepted
CPE: ready
EPSS: 0.00237
KEV: no
Activities: very low
