Search for vulnerabilities
| Vulnerability ID | VCID-3hmq-thga-u3du |
| Aliases |
CVE-2024-46760
|
| Summary | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference in rtw_rx_fill_rx_status on hw object and/or its fields because initialization routine can start getting USB replies before rtw_dev is fully setup. The stack trace looks like this: rtw_rx_fill_rx_status rtw8821c_query_rx_desc rtw_usb_rx_handler ... queue_work rtw_usb_read_port_complete ... usb_submit_urb rtw_usb_rx_resubmit rtw_usb_init_rx rtw_usb_probe So while we do the async stuff rtw_usb_probe continues and calls rtw_register_hw, which does all kinds of initialization (e.g. via ieee80211_register_hw) that rtw_rx_fill_rx_status relies on. Fix this by moving the first usb_submit_urb after everything is set up. For me, this bug manifested as: [ 8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped [ 8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status because I'm using Larry's backport of rtw88 driver with the NULL checks in rtw_rx_fill_rx_status. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 5.0 |
| Risk | 2.5 |
| Affected and Fixed Packages | Package Details |
| CWE-476 | NULL Pointer Dereference |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46760.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2024-46760 | ||
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46760 | ||
| https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml | ||
| 2313108 | https://bugzilla.redhat.com/show_bug.cgi?id=2313108 | |
| 25eaef533bf3ccc6fee5067aac16f41f280e343e | https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e | |
| adc539784c98a7cc602cbf557debfc2e7b9be8b3 | https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3 | |
| c83d464b82a8ad62ec9077637f75d73fe955635a | https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a | |
| USN-7154-1 | https://usn.ubuntu.com/7154-1/ | |
| USN-7154-2 | https://usn.ubuntu.com/7154-2/ | |
| USN-7155-1 | https://usn.ubuntu.com/7155-1/ | |
| USN-7156-1 | https://usn.ubuntu.com/7156-1/ | |
| USN-7196-1 | https://usn.ubuntu.com/7196-1/ |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.13933 |
| EPSS Score | 0.00044 |
| Published At | June 5, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T16:51:31.697354+00:00 | Debian Importer | Import | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |