| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024082137-CVE-2024-43879-95cb@gregkh> Date: Wed, 21 Aug 2024 08:07:43 +0800 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-43879: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, ru:6 kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211] Fix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth. The Linux kernel CVE team has assigned CVE-2024-43879 to this issue. Affected and fixed versions =========================== Issue introduced in 4.19 with commit c4cbaf7973a7 and fixed in 4.19.320 with commit 45d20a1c54be Issue introduced in 4.19 with commit c4cbaf7973a7 and fixed in 5.4.282 with commit b289ebb05165 Issue introduced in 4.19 with commit c4cbaf7973a7 and fixed in 5.10.224 with commit 2e201b3d162c Issue introduced in 4.19 with commit c4cbaf7973a7 and fixed in 5.15.165 with commit 576c64622649 Issue introduced in 4.19 with commit c4cbaf7973a7 and fixed in 6.1.103 with commit 16ad67e73309 Issue introduced in 4.19 with commit c4cbaf7973a7 and fixed in 6.6.44 with commit 67b5f1054197 Issue introduced in 4.19 with commit c4cbaf7973a7 and fixed in 6.10.3 with commit 19eaf4f2f5a9 Issue introduced in 4.19 with commit c4cbaf7973a7 and fixed in 6.11-rc1 with commit bcbd771cd5d6 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-43879 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/wireless/util.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9 https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086 https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27 https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142 https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6
Powered by blists - more mailing lists