Cyber Resilience

CVE-2024-57990

High

Published: 27 February 2025

Published
27 February 2025
Modified
01 October 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 2.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57990 is a high-severity Off-by-one Error (CWE-193) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2024-57990 is an off-by-one vulnerability in the Linux kernel's mt76 WiFi driver, specifically affecting the mt7925 chipset in the mt7925_load_clc() function. The flaw stems from an incorrect comparison using ">" instead of ">=", which allows an out-of-bounds read and write. This issue is classified under CWE-193 (Off-by-One Error) with a CVSS v3.1 base score of 7.8.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of user interaction requirements. Successful exploitation enables high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution, data corruption, or system crashes within the kernel context.

The vulnerability has been addressed in stable kernel releases via patches available at kernel.org git repositories, including commits 08fa656c91fd5fdf47ba393795b9c0d1e97539ed, 2d1628d32300e4f67ac0b7409cbfa7b912a8fe9d, and d03b8fe1b518fc2ea2d82588e905f56d80cd64b2. Security practitioners should update affected Linux kernels to incorporate these fixes to mitigate the risk.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead of > to prevent an out of bounds read and write.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Off-by-one error in Linux kernel WiFi driver enables local out-of-bounds R/W leading to kernel arbitrary code execution and privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152Same product: Linux Linux Kernel
CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2026-23387Same product: Linux Linux Kernel
CVE-2025-21856Same product: Linux Linux Kernel
CVE-2025-21727Same product: Linux Linux Kernel
CVE-2026-23275Same product: Linux Linux Kernel
CVE-2026-31401Same product: Linux Linux Kernel
CVE-2024-57980Same product: Linux Linux Kernel
CVE-2026-23437Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.10.13 — 6.11 · 6.11.2 — 6.12.13 · 6.13 — 6.13.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely patching of the Linux kernel to remediate the off-by-one error in mt7925_load_clc() that enables out-of-bounds read and write.

prevent

Implements kernel memory protections such as KASLR and page protections that mitigate exploitation of the out-of-bounds access in the mt7925 WiFi driver.

detect

Enables vulnerability scanning to identify systems with vulnerable Linux kernel versions affected by CVE-2024-57990 in the mt76 mt7925 driver.

References