Message-ID: <2024102118-CVE-2024-47712-13c2@gregkh>
Date: Mon, 21 Oct 2024 14:00:40 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-47712: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param

In the `wilc_parse_join_bss_param` function, the TSF field of the `ies`
structure is accessed after the RCU read-side critical section is
unlocked. According to RCU usage rules, this is illegal. Reusing this
pointer can lead to unpredictable behavior, including accessing memory
that has been updated or causing use-after-free issues.

This possible bug was identified using a static analysis tool developed
by myself, specifically designed to detect RCU-related issues.

To address this, the TSF value is now stored in a local variable
`ies_tsf` before the RCU lock is released. The `param->tsf_lo` field is
then assigned using this local variable, ensuring that the TSF value is
safely accessed.

The Linux kernel CVE team has assigned CVE-2024-47712 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.10.214 with commit b4bbf38c350a and fixed in 5.10.227 with commit 557418e17046
	Issue introduced in 5.15.153 with commit d80fc436751c and fixed in 5.15.168 with commit bf090f4fe935
	Issue introduced in 6.1.83 with commit 745003b5917b and fixed in 6.1.113 with commit b040b71d99ee
	Issue introduced in 6.6.23 with commit 4bfd20d5f5c6 and fixed in 6.6.54 with commit 84398204c5df
	Issue introduced in 6.9 with commit 205c50306acf and fixed in 6.10.13 with commit 2f944e6255c2
	Issue introduced in 6.9 with commit 205c50306acf and fixed in 6.11.2 with commit 79510414a762
	Issue introduced in 6.9 with commit 205c50306acf and fixed in 6.12-rc1 with commit 6d7c6ae1efb1
	Issue introduced in 5.4.273 with commit e556006de4ea
	Issue introduced in 6.7.11 with commit 5800ec78775c
	Issue introduced in 6.8.2 with commit dd50d3ead6e3

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-47712
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/net/wireless/microchip/wilc1000/hif.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/557418e1704605a81c9e26732449f71b1d40ba1e
	https://git.kernel.org/stable/c/bf090f4fe935294361eabd9dc5a949fdd77d3d1b
	https://git.kernel.org/stable/c/b040b71d99ee5e17bb7a743dc01cbfcae8908ce1
	https://git.kernel.org/stable/c/84398204c5df5aaf89453056cf0647cda9664d2b
	https://git.kernel.org/stable/c/2f944e6255c2fc1c9bd9ee32f6b14ee0b2a51eb5
	https://git.kernel.org/stable/c/79510414a7626317f13cc9073244ab7a8deb3192
	https://git.kernel.org/stable/c/6d7c6ae1efb1ff68bc01d79d94fdf0388f86cdd8
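
The pattern the description refers to, as an added user-space illustration that is not part of the announcement and not the wilc1000 driver code. The RCU primitives are toy stand-ins, and `pool`, `bss_ies`, `retired`, `concurrent_update`, `run` and the TSF constants are hypothetical names and constructed values; only `ies`, `ies_tsf` and the copy-before-unlock idea come from the text above.

```c
#include <stdint.h>
#include <string.h>
/* Toy single-threaded model (assumption, not kernel code): reclaim runs at
 * rcu_read_unlock() and poisons the retired object with 0xA5 instead of
 * freeing it, so the stale read stays well-defined C. */
struct ies { uint64_t tsf; };
static struct ies pool[2], *bss_ies, *retired;

static void rcu_read_lock(void) { }
static void rcu_read_unlock(void)
{
    if (retired)
        memset(retired, 0xA5, sizeof(*retired));
    retired = NULL;
}
/* Models another CPU publishing new IEs while the reader is mid-section. */
static void concurrent_update(uint64_t new_tsf)
{
    retired = bss_ies;
    bss_ies = (retired == &pool[0]) ? &pool[1] : &pool[0];
    bss_ies->tsf = new_tsf;
}
/* Pre-fix shape: ies->tsf is read after the read-side section has ended. */
uint32_t tsf_lo_buggy(void)
{
    rcu_read_lock();
    struct ies *ies = bss_ies;
    concurrent_update(0x2222222233333333ULL);
    rcu_read_unlock();
    return (uint32_t)ies->tsf;      /* stale pointer: yields poison */
}
/* Post-fix shape: copy into the local ies_tsf while still protected. */
uint32_t tsf_lo_fixed(void)
{
    rcu_read_lock();
    struct ies *ies = bss_ies;
    uint64_t ies_tsf = ies->tsf;
    concurrent_update(0x2222222233333333ULL);
    rcu_read_unlock();
    return (uint32_t)ies_tsf;
}
/* Publish a constructed TSF, then run one of the two readers against it. */
uint32_t run(uint32_t (*parse)(void), uint64_t tsf)
{
    retired = NULL;
    bss_ies = &pool[0];
    bss_ies->tsf = tsf;
    return parse();
}
```

In a real kernel the late read usually returns a plausible value because no update happens to race with it; the model forces the update so the difference between the two shapes is deterministic.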