CVE-2024-43912: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-43912 affects the Linux kernel's wifi subsystem, specifically in the nl80211 interface. The vulnerability was discovered in August 2024 and relates to improper validation of AP channel width settings. The issue affects Linux kernel versions up to (excluding) 6.1.105, versions from 6.2 up to (excluding) 6.6.46, and versions from 6.7 up to (excluding) 6.10.5 (NVD).

The vulnerability exists in the nl80211 interface where the AP channel width setting functionality did not properly validate special channel width configurations. The issue specifically involves the handling of S1G (Sub-1GHz) or narrow channels, which weren't meant to be used with the normal 20/40/... MHz channel width progression. The CVSS v3.1 base score is 5.5 (Medium) with a vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could allow an attacker with local access to cause a denial of service condition in the affected system. The impact is limited to availability, with no direct impact on confidentiality or integrity of the system (NVD).

The vulnerability has been patched in the Linux kernel by adding validation checks for channel width settings. The fix explicitly allows only regular channel widths (20_NOHT, 20, 40, 80, 80P80, 160, 320) and returns an error for any other width values. The patch has been backported to affected stable kernel versions (Kernel Patch).