Cyber Resilience

CVE-2024-57899

High

Published: 15 January 2025

Published
15 January 2025
Modified
17 October 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 10.6th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57899 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2024-57899 is a vulnerability in the Linux kernel's mac80211 subsystem that causes corruption of MBSS (multi-BSS) changed flags specifically on 32-bit systems. The issue arises because an unsigned long is 4 bytes while a u64 is 8 bytes, leading the for_each_set_bit macro to incorrectly search a 32-bit variable as if it were 64 bits, resulting in erroneous bit detection. This affects Wi-Fi functionality, particularly in ieee80211_link_info_change_notify during mesh operations, as evidenced by the provided call trace showing kernel exceptions like exc_overflow and exc_invalid_op.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), potentially achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as scored by CVSS 3.1 at 7.8. Exploitation likely triggers kernel crashes or data corruption in Wi-Fi mesh handling, enabling denial of service or further compromise from a local context.

Kernel stable patches address the issue by ensuring the bits variable size is correctly adjusted for each architecture, as detailed in the referenced commits: https://git.kernel.org/stable/c/36b739637d7042843f9df57212ecee6ed6e0d4b2, https://git.kernel.org/stable/c/49dba1ded8dd5a6a12748631403240b2ab245c34, and https://git.kernel.org/stable/c/86772872f9f5097cd03d0e1c6813238bd38c250b. Security practitioners should apply these upstream fixes to affected 32-bit Linux kernels.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore,…

more

when using or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE), the code is incorrectly searching for a bit in a 32-bit variable that is expected to be 64 bits in size, leading to incorrect bit finding. Solution: Ensure that the size of the bits variable is correctly adjusted for each architecture. Call Trace: ? show_regs+0x54/0x58 ? __warn+0x6b/0xd4 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? report_bug+0x113/0x150 ? exc_overflow+0x30/0x30 ? handle_bug+0x27/0x44 ? exc_invalid_op+0x18/0x50 ? handle_exception+0xf6/0xf6 ? exc_overflow+0x30/0x30 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? exc_overflow+0x30/0x30 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? ieee80211_mesh_work+0xff/0x260 [mac80211] ? cfg80211_wiphy_work+0x72/0x98 [cfg80211] ? process_one_work+0xf1/0x1fc ? worker_thread+0x2c0/0x3b4 ? kthread+0xc7/0xf0 ? mod_delayed_work_on+0x4c/0x4c ? kthread_complete_and_exit+0x14/0x14 ? ret_from_fork+0x24/0x38 ? kthread_complete_and_exit+0x14/0x14 ? ret_from_fork_asm+0xf/0x14 ? entry_INT80_32+0xf0/0xf0 [restore no-op path for no changes]

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Local kernel bug in mac80211 enables privilege escalation via memory corruption or DoS via crashes in mesh/Wi-Fi handling on 32-bit systems.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31558Same product: Linux Linux Kernel
CVE-2025-21680Same product: Linux Linux Kernel
CVE-2026-31419Same product: Linux Linux Kernel
CVE-2026-23350Same product: Linux Linux Kernel
CVE-2025-21647Same product: Linux Linux Kernel
CVE-2025-21791Same product: Linux Linux Kernel
CVE-2026-31502Same product: Linux Linux Kernel
CVE-2025-21883Same product: Linux Linux Kernel
CVE-2026-31548Same product: Linux Linux Kernel
CVE-2026-31485Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.13 · ≤ 6.6.70 · 6.7 — 6.12.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2024-57899 by requiring timely testing and deployment of kernel patches that correct the 32-bit unsigned long/u64 size mismatch in mac80211's for_each_set_bit usage.

detect

Vulnerability scanning identifies the presence of CVE-2024-57899 in affected 32-bit Linux kernels, enabling proactive remediation before local exploitation.

detect

System monitoring detects exploitation indicators such as kernel exc_overflow and exc_invalid_op exceptions in ieee80211_link_info_change_notify and ieee80211_mesh_work from the CVE call trace.

References