CVE-2024-47681: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-47681 affects the Linux kernel's mt7996 WiFi driver, specifically in the mt7996_mcu_sta_bfer_he routine. The vulnerability was discovered through code review and involves a NULL pointer dereference when adding a station interface to the mt7996 driver. This issue affects Linux kernel versions from 6.2 through 6.6.54, 6.7 through 6.10.13, and 6.11 through 6.11.2 (NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) with a CVSS v3.1 base score of 5.5 (Medium), vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue occurs in the mt7996_mcu_sta_bfer_he function within the MediaTek WiFi 7 (802.11be) device driver. The vulnerability stems from a missing NULL pointer check before accessing the 'vc' pointer (Kernel Patch).

When exploited, this vulnerability can cause a denial of service condition through a system crash when attempting to access an invalid memory location. The impact is limited to local attacks and primarily affects system availability (NVD).

The vulnerability has been patched in the Linux kernel through a fix that adds a NULL pointer check before accessing the 'vc' pointer. Users should update their systems to the following versions: Linux kernel 6.6.54 or later for the 6.6 series, 6.10.13 or later for the 6.10 series, and 6.11.2 or later for the 6.11 series (Kernel Patch).