{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T09:53:32.721","vulnerabilities":[{"cve":{"id":"CVE-2024-43881","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-08-21T01:15:12.280","lastModified":"2025-09-26T18:39:51.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: change DMA direction while mapping reinjected packets\n\nFor fragmented packets, ath12k reassembles each fragment as a normal\npacket and then reinjects it into HW ring. In this case, the DMA\ndirection should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise,\nan invalid payload may be reinjected into the HW and\nsubsequently delivered to the host.\n\nGiven that arbitrary memory can be allocated to the skb buffer,\nknowledge about the data contained in the reinjected buffer is lacking.\nConsequently, there’s a risk of private information being leaked.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1"},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: ath12k: cambia la dirección de DMA al mapear paquetes reinyectados. Para paquetes fragmentados, ath12k vuelve a ensamblar cada fragmento como un paquete normal y luego lo reinyecta en el anillo HW. En este caso, la dirección DMA debe ser DMA_TO_DEVICE, no DMA_FROM_DEVICE. De lo contrario, se puede reinyectar una carga útil no válida en el HW y posteriormente entregarla al host. Dado que se puede asignar memoria arbitraria al búfer skb, falta conocimiento sobre los datos contenidos en el búfer reinyectado. En consecuencia, existe el riesgo de que se filtre información privada. Probado en: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.6.44","matchCriteriaId":"E752D2D6-EE15-4491-857A-AA8D6AE62EDF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.10.3","matchCriteriaId":"92D388F2-1EAF-4CFA-AC06-5B26D762EA7D"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}