mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-20 17:41:09 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/wireless
History
Johannes Berg 0a8ee682e4 wifi: cfg80211: avoid nontransmitted BSS list corruption 
commit bcca852027 upstream.

If a non-transmitted BSS shares enough information (both
SSID and BSSID!) with another non-transmitted BSS of a
different AP, then we can find and update it, and then
try to add it to the non-transmitted BSS list. We do a
search for it on the transmitted BSS, but if it's not
there (but belongs to another transmitted BSS), the list
gets corrupted.

Since this is an erroneous situation, simply fail the
list insertion in this case and free the non-transmitted
BSS.

This fixes CVE-2022-42721.

Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes: 0b8fb8235b ("cfg80211: Parsing of Multiple BSSID information in scanning")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-10-15 07:59:03 +02:00
..
certs
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
ap.c
chan.c cfg80211: add cfg80211_any_usable_channels() 2021-06-23 13:05:08 +02:00
core.c cfg80211: fix race in netlink owner interface destruction 2022-02-23 12:03:11 +01:00
core.h cfg80211: fix management registrations locking 2021-10-25 15:20:22 +02:00
debugfs.c wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() 2022-09-08 12:28:02 +02:00
debugfs.h
ethtool.c cfg80211: check wiphy driver existence for drvinfo report 2020-02-07 12:53:26 +01:00
ibss.c cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
Kconfig cfg80211: select CONFIG_CRC32 2021-01-05 15:50:36 -08:00
lib80211.c lib80211: Remove unused macro DRV_NAME 2020-09-18 11:53:00 +02:00
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211_crypt_wep.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
Makefile cfg80211: make certificate generation more robust 2021-06-18 13:25:15 +02:00
mesh.c cfg80211/mac80211: add mesh_param "mesh_nolearn" to skip path discovery 2020-07-31 09:24:23 +02:00
mlme.c cfg80211: fix management registrations locking 2021-10-25 15:20:22 +02:00
nl80211.c nl80211: don't hold RTNL in color change request 2022-06-09 10:22:53 +02:00
nl80211.h nl80211: fix radio statistics in survey dump 2021-11-25 09:48:34 +01:00
ocb.c
of.c
pmsr.c nl80211/cfg80211: add BSS color to NDP ranging parameters 2021-06-23 11:29:14 +02:00
radiotap.c mac80211: Use flex-array for radiotap header bitmap 2021-08-13 09:58:25 +02:00
rdev-ops.h nl80211: add support for BSS coloring 2021-08-17 11:58:21 +02:00
reg.c cfg80211: declare MODULE_FIRMWARE for regulatory.db 2022-06-09 10:23:26 +02:00
reg.h cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
scan.c wifi: cfg80211: avoid nontransmitted BSS list corruption 2022-10-15 07:59:03 +02:00
sme.c cfg80211: remove WARN_ON() in cfg80211_sme_connect 2021-04-08 10:14:55 +02:00
sysfs.c cfg80211: shut down interfaces on failed resume 2021-06-09 16:09:20 +02:00
sysfs.h
trace.c
trace.h cfg80211: fix BSS color notify trace enum confusion 2021-08-18 09:21:52 +02:00
util.c wifi: cfg80211: fix MCS divisor value 2022-10-12 09:53:28 +02:00
wext-compat.c cfg80211: expose the rfkill device to the low level driver 2021-06-23 11:29:13 +02:00
wext-compat.h
wext-core.c wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-01-26 11:59:42 +01:00
wext-priv.c
wext-proc.c
wext-sme.c cfg80211: avoid holding the RTNL when calling the driver 2021-01-26 11:55:50 +01:00
wext-spy.c wireless: wext-spy: Fix out-of-bounds warning 2021-06-23 10:57:17 +02:00