CVE-2024-53074: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53074 is a vulnerability in the Linux kernel affecting the iwlwifi driver. The issue was discovered in devices that do not support the MLD API (Intel 9260 and down), where a resource leak occurs during AP removal. This vulnerability was disclosed on November 19, 2024, and affects Linux kernel versions from 6.9 up to (excluding) 6.11.7 (NVD).

The vulnerability is classified as a Missing Release of Resource after Effective Lifetime (CWE-772) issue. It has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The technical issue involves a failure to release the link mapping resource during AP removal, which prevents the AP from being started again after it has been started and stopped (NVD).

The vulnerability affects the availability of the wireless access point functionality. On affected devices that do not support the MLD API (Intel 9260 and down), users cannot restart the AP after it has been started and stopped once, effectively preventing the reuse of AP functionality until system restart (Kernel Patch).

The vulnerability has been fixed in the Linux kernel through a patch that properly releases the link mapping resource during AP removal. The fix has been implemented in kernel version 6.11.7 and later. Users are advised to update their kernel to a patched version (Kernel Patch).