CVE-2024-57990 in Linuxinfo

Summary

by MITRE • 02/27/2025

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: fix off by one in mt7925_load_clc()

This comparison should be >= instead of > to prevent an out of bounds read and write.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 05/24/2026

The vulnerability CVE-2024-57990 affects the Linux kernel's wireless subsystem, specifically within the mt76 driver family that supports MediaTek wireless chipsets including the mt7925 model. This issue resides in the wireless network interface driver code that manages the communication between the operating system and the hardware radio components. The flaw manifests in the mt7925_load_clc() function which is responsible for loading calibration data into the wireless chipset. The vulnerability represents a classic buffer management error that occurs during the processing of wireless calibration parameters.

The technical flaw stems from an incorrect comparison operator in the boundary check logic within the mt7925_load_clc() function. Specifically, the code uses a greater than operator (>) instead of a greater than or equal to operator (>=) when validating array indices or buffer boundaries. This off-by-one error creates a condition where the software attempts to access memory locations beyond the allocated buffer boundaries. When the comparison value equals the boundary limit, the current implementation fails to prevent the access, leading to potential out-of-bounds read and write operations that can result in memory corruption or arbitrary code execution.

The operational impact of this vulnerability extends beyond simple memory corruption as it represents a critical security weakness that can be exploited by malicious actors with access to the wireless interface. The flaw could enable attackers to manipulate the wireless driver's behavior, potentially leading to privilege escalation or system compromise. The vulnerability affects systems running Linux kernels with MediaTek wireless hardware that utilize the mt76 driver stack, particularly those implementing the mt7925 chipset. This includes various enterprise and consumer devices such as routers, access points, and embedded systems that rely on MediaTek wireless solutions for network connectivity.

Security researchers have classified this vulnerability as a memory safety issue that aligns with common weakness enumerations such as CWE-129 and CWE-787, which cover improper validation of array indices and out-of-bounds reads/writes respectively. The ATT&CK framework would categorize this under privilege escalation techniques as an attacker could potentially leverage this flaw to gain elevated system privileges. The vulnerability demonstrates a fundamental flaw in input validation and boundary checking that represents a common class of software defects in kernel space drivers where memory safety is paramount. Mitigation strategies include immediate kernel updates from Linux distribution vendors, implementing network segmentation to limit wireless access, and monitoring for anomalous wireless behavior that might indicate exploitation attempts.

The fix for CVE-2024-57990 involves correcting the comparison operator from > to >= in the boundary validation logic within the mt7925_load_clc() function. This simple but critical change ensures that all boundary conditions are properly enforced, preventing the out-of-bounds access that could lead to system compromise. The patch demonstrates the importance of rigorous code review processes and automated testing for kernel drivers, particularly those handling hardware-specific operations where memory safety is critical for system integrity. Organizations should prioritize applying this patch across all affected systems and consider implementing additional security controls to monitor wireless interface behavior and detect potential exploitation attempts.

Responsible

Linux

Reservation

02/27/2025

Disclosure

02/27/2025

Moderation

accepted

CPE

ready

EPSS

0.00224

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!