CVE-2024-38403 – Buffer Over-read in WLAN Firmware (8th Nov 2024)

Preface: BSS Transition Management enables an AP to request a voice client to transition to a specific AP, or suggest a set of preferred APs to a voice client, due to network load balancing or BSS termination.

Background: A STA receiving a BSS Transition Management Request frame may respond with a BSS Transition Management Response frame.

The BSS Termination Included field (bit 3 of the Request Mode field) indicates that the BSS Termination Duration field is included, that the BSS or the AP MLD is shutting down, and that the STA or the non-AP MLD will be disassociated. The AP or AP MLD sets the BSS Termination Included bit in the Request Mode field to 1 to indicate that the BSS or AP MLD is shutting down.

The BSS Termination Included bit is 0 if no BSS Termination Duration information is included in the BSS Transition Management Request frame.

Vulnerability details: Transient DoS while parsing the BTM Multi-Link (ML) IE when the per-STA profile is not included.
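The Background above describes an optional field whose presence is signalled by a flag (bit 3 of Request Mode), which is exactly the shape of field a parser must length-check before reading. The following is an added example, not Qualcomm's firmware code and not the ML IE path named in the advisory: a bounds-checked parser for the BTM Request fixed fields and the optional BSS Termination Duration field, with field sizes assumed from the 802.11 BTM Request frame layout and constructed sample frames.

```c
#include <stddef.h>
#include <stdint.h>
/* Request Mode bit 3: BSS Termination Included (see the text above). */
#define BTM_REQ_MODE_BSS_TERM_INCLUDED 0x08
/* Layout assumed from the 802.11 BTM Request frame: Category(1) Action(1)
 * DialogToken(1) RequestMode(1) DisassocTimer(2) ValidityInterval(1),
 * then an optional BSS Termination Duration field of 12 octets:
 * SubelementID(1) Length(1)=10 TSF(8) Duration(2). */
#define BTM_REQ_FIXED_LEN 7
#define BTM_TERM_DUR_LEN 12

struct btm_req {
    uint8_t dialog_token, request_mode, validity_interval;
    uint16_t disassoc_timer, term_duration;
    int has_term_duration;
    uint64_t term_tsf;
};

/* Returns 0 on success, -1 if the buffer is shorter than the fields its own
 * Request Mode flags claim are present. Every read is preceded by a length
 * check, so a flag set on a short frame is rejected, not read past the end. */
int parse_btm_request(const uint8_t *buf, size_t len, struct btm_req *out)
{
    if (len < BTM_REQ_FIXED_LEN) return -1;
    out->dialog_token = buf[2];      /* buf[0..1]: Category, Action */
    out->request_mode = buf[3];
    out->disassoc_timer = (uint16_t)(buf[4] | (buf[5] << 8));
    out->validity_interval = buf[6];
    out->has_term_duration = (out->request_mode & BTM_REQ_MODE_BSS_TERM_INCLUDED) != 0;
    if (!out->has_term_duration) return 0;             /* bit 3 clear: field absent */
    size_t off = BTM_REQ_FIXED_LEN;
    if (len - off < BTM_TERM_DUR_LEN) return -1;       /* flag set, bytes missing */
    if (buf[off + 1] != BTM_TERM_DUR_LEN - 2) return -1; /* inner length must match */
    out->term_tsf = 0;                                 /* TSF is little-endian */
    for (int i = 7; i >= 0; i--) out->term_tsf = (out->term_tsf << 8) | buf[off + 2 + i];
    out->term_duration = (uint16_t)(buf[off + 10] | (buf[off + 11] << 8));
    return 0;
}

/* Constructed sample frames (not captured traffic); 0x0a/0x07 = WNM / BTM Request. */
static const uint8_t k_full[] = { 0x0a, 0x07, 0x01, 0x08, 0x64, 0x00, 0xc8,
    0x04, 0x0a, 1, 2, 3, 4, 5, 6, 7, 8, 0x1e, 0x00 };   /* duration = 30 */
static const uint8_t k_truncated[] = { 0x0a, 0x07, 0x01, 0x08, 0x64, 0x00, 0xc8 };

int demo_full_duration(void) {   /* returns 30 */
    struct btm_req r;
    return parse_btm_request(k_full, sizeof k_full, &r) == 0 ? r.term_duration : -1;
}
int demo_truncated(void) {       /* returns -1: bit 3 set but no Duration field */
    struct btm_req r;
    return parse_btm_request(k_truncated, sizeof k_truncated, &r);
}
```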

Official announcement: Please refer to the vendor announcement for details –

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html
