CVE-2024-49857: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-49857 affects the Linux kernel's iwlwifi driver implementation. The vulnerability was discovered in the wifi subsystem, specifically in the secured NDP ranging functionality of the iwlwifi driver. The issue was identified and disclosed on October 21, 2024, affecting Linux kernel versions from 6.11 up to (excluding) 6.11.2 (NVD).

The vulnerability is a NULL pointer dereference issue in the iwlwifi driver's secured NDP ranging functionality. The bug occurs because the cipher pointer is not set before being dereferenced while attempting to set its content. This implementation flaw was introduced in commit 626be4bf99f6 ("wifi: iwlwifi: mvm: modify iwlmvmftmsetsecured_ranging() parameters"). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD, Kernel Patch).

When exploited, this vulnerability can cause a denial of service condition through a system crash due to the NULL pointer dereference in the kernel's wifi subsystem. The impact is limited to availability, with no direct effects on confidentiality or integrity (NVD).

The vulnerability has been fixed by setting the cipher pointer to the cipher parameter before dereferencing. The fix has been implemented in the Linux kernel and is available through updates. Users should update their systems to Linux kernel version 6.11.2 or later to address this vulnerability (Kernel Patch).