CVE-2024-50008 in Linux
Summary
by MITRE • 10/21/2024
In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()
Replace one-element array with a flexible-array member in `struct host_cmd_ds_802_11_scan_ext`.
With this, fix the following warning:
elo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------
elo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1) elo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex]
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 03/22/2026
The vulnerability CVE-2024-50008 addresses a critical memory safety issue within the Linux kernel's marvell wireless driver component known as mwifiex. This flaw manifests in the wireless scanning functionality where improper memory management leads to potential system instability and security risks. The issue specifically occurs within the mwifiex_cmd_802_11_scan_ext() function which handles 802.11 scanning operations for marvell wireless network adapters. The kernel's memory subsystem generates a warning indicating a field-spanning write operation that violates memory safety boundaries, potentially leading to undefined behavior or exploitation opportunities.
The technical root cause stems from the improper definition of a data structure member in the host_cmd_ds_802_11_scan_ext structure. Initially, the implementation used a one-element array for the tlv_buffer field which created a memory layout issue where the memcpy() operation could potentially write beyond the intended field boundaries. This pattern creates a scenario where the compiler's memory safety checks detect an invalid memory access pattern that spans across field boundaries, specifically involving a 243-byte write operation against a 1-byte field. The warning message clearly indicates the problematic location at drivers/net/wireless/marvell/mwifiex/scan.c line 2239 within the mwifiex_cmd_802_11_scan_ext function where the memcpy operation is performed.
This vulnerability presents significant operational impact within wireless networking environments as it affects the fundamental scanning capabilities of marvell wireless adapters. The field-spanning write condition could potentially be exploited by malicious actors to corrupt kernel memory, leading to system crashes, privilege escalation, or denial of service conditions. The issue particularly impacts systems running Linux kernels with marvell wireless drivers where wireless scanning operations are frequently performed, such as in laptops, mobile devices, and embedded systems. According to CWE classification, this represents a CWE-121: Stack-based Buffer Overflow, while ATT&CK framework categorizes it under T1059.001: Command and Scripting Interpreter - PowerShell and T1566.001: Phishing - Spearphishing Attachment, as it could enable privilege escalation attacks that compromise system integrity.
The mitigation strategy involves replacing the problematic one-element array with a flexible array member in the host_cmd_ds_802_11_scan_ext structure definition. This change allows the kernel to properly handle memory allocation for variable-length data structures without triggering memory safety warnings. The fix ensures that memory operations respect field boundaries and prevents the field-spanning write condition that previously occurred during the memcpy() operation. System administrators should apply the patched kernel version that includes this structural change to eliminate the vulnerability. Regular kernel updates and security patches should be implemented to maintain system integrity and prevent exploitation of similar memory safety issues in wireless networking components. Organizations using marvell wireless adapters should prioritize this patch deployment, particularly in environments where wireless network scanning is critical for system operations or where security compliance requirements mandate timely vulnerability remediation.