projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0b78088) | patch
wifi: cfg80211: avoid nontransmitted BSS list corruption
authorJohannes Berg <johannes.berg@intel.com>
Fri, 30 Sep 2022 22:01:44 +0000 (00:01 +0200)
committerJohannes Berg <johannes.berg@intel.com>
Mon, 10 Oct 2022 07:51:01 +0000 (09:51 +0200)
commitbcca852027e5878aec911a347407ecc88d6fff7f
tree2457c8778c3c490fcce326ff1193ba89cee24de5tree | snapshot
parent0b7808818cb9df6680f98996b8e9a439fa7bcc2fcommit | diff
wifi: cfg80211: avoid nontransmitted BSS list corruption

If a non-transmitted BSS shares enough information (both
SSID and BSSID!) with another non-transmitted BSS of a
different AP, then we can find and update it, and then
try to add it to the non-transmitted BSS list. We do a
search for it on the transmitted BSS, but if it's not
there (but belongs to another transmitted BSS), the list
gets corrupted.

Since this is an erroneous situation, simply fail the
list insertion in this case and free the non-transmitted
BSS.

This fixes CVE-2022-42721.

Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
net/wireless/scan.c diff | blob | history
Domain: System / Kernel;