| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024053043-CVE-2024-36941-b3a3@gregkh> Date: Thu, 30 May 2024 17:29:33 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-36941: wifi: nl80211: don't free NULL coalescing rule Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here. The Linux kernel CVE team has assigned CVE-2024-36941 to this issue. Affected and fixed versions =========================== Issue introduced in 3.12 with commit be29b99a9b51 and fixed in 4.19.314 with commit 327382dc0f16 Issue introduced in 3.12 with commit be29b99a9b51 and fixed in 5.4.276 with commit 97792d0611ae Issue introduced in 3.12 with commit be29b99a9b51 and fixed in 5.10.217 with commit 5a730a161ac2 Issue introduced in 3.12 with commit be29b99a9b51 and fixed in 5.15.159 with commit ad12c74e953b Issue introduced in 3.12 with commit be29b99a9b51 and fixed in 6.1.91 with commit b0db4caa10f2 Issue introduced in 3.12 with commit be29b99a9b51 and fixed in 6.6.31 with commit 244822c09b4f Issue introduced in 3.12 with commit be29b99a9b51 and fixed in 6.8.10 with commit f92772a64248 Issue introduced in 3.12 with commit be29b99a9b51 and fixed in 6.9 with commit 801ea33ae82d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-36941 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/wireless/nl80211.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457 https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307 https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4 https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383 https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7
Powered by blists - more mailing lists