Message-ID: <2024111928-CVE-2024-53055-4a64@gregkh>
Date: Tue, 19 Nov 2024 18:19:37 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: fix 6 GHz scan construction

If more than 255 colocated APs exist for the set of all
APs found during 2.4/5 GHz scanning, then the 6 GHz scan
construction will loop forever since the loop variable
has type u8, which can never reach the number found when
that's bigger than 255, and is stored in a u32 variable.
Also move it into the loops to have a smaller scope.

Using a u32 there is fine, we limit the number of APs in
the scan list and each has a limit on the number of RNR
entries due to the frame size. With a limit of 1000 scan
results, a frame size upper bound of 4096 (really it's
more like ~2300) and a TBTT entry size of at least 11,
we get an upper bound for the number of ~372k, well in
the bounds of a u32.

The Linux kernel CVE team has assigned CVE-2024-53055 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.11 with commit eae94cf82d74 and fixed in 5.15.171 with commit 2ac15e5a8f42
Issue introduced in 5.11 with commit eae94cf82d74 and fixed in 6.1.116 with commit cde8a7eb5c67
Issue introduced in 5.11 with commit eae94cf82d74 and fixed in 6.6.60 with commit fc621e7a043d
Issue introduced in 5.11 with commit eae94cf82d74 and fixed in 6.11.7 with commit 2ccd5badadab
Issue introduced in 5.11 with commit eae94cf82d74 and fixed in 6.12 with commit 7245012f0f49
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-53055
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/net/wireless/intel/iwlwifi/mvm/scan.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/2ac15e5a8f42fed5d90ed9e1197600913678c50f
https://git.kernel.org/stable/c/cde8a7eb5c6762264ff0f4433358e0a0d250c875
https://git.kernel.org/stable/c/fc621e7a043de346c33bd7ae7e2e0c651d6152ef
https://git.kernel.org/stable/c/2ccd5badadab2d586e91546bf5af3deda07fef1f
https://git.kernel.org/stable/c/7245012f0f496162dd95d888ed2ceb5a35170f1a
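
Added example (not part of the original announcement and not code from scan.c): a user-space C model of the loop described under "Description", showing that a u8 index compared against a u32 count terminates at 255 entries but not at 256, and checking the ~372k upper bound. All function and macro names are hypothetical, and ITER_GUARD exists only so the stuck loop returns in the demo.

```c
#include <stdint.h>
#include <stdio.h>

/* All names below are hypothetical; this is not code from scan.c. */
#define ITER_GUARD     1000000u    /* demo-only cap so a stuck loop returns */
#define NO_TERMINATION UINT32_MAX  /* sentinel: guard tripped */

/* Pre-fix pattern: 8-bit index compared against a 32-bit count. */
uint32_t walk_u8(uint32_t n_entries)
{
    uint32_t iters = 0;

    for (uint8_t i = 0; i < n_entries; i++) {  /* i wraps 255 -> 0 */
        if (++iters > ITER_GUARD)
            return NO_TERMINATION;
    }
    return iters;
}

/* Post-fix pattern: index has the same width as the count. */
uint32_t walk_u32(uint32_t n_entries)
{
    uint32_t iters = 0;

    for (uint32_t i = 0; i < n_entries; i++) {
        if (++iters > ITER_GUARD)
            return NO_TERMINATION;
    }
    return iters;
}

/* Bound from the description: results * (frame size / TBTT entry size). */
uint32_t rnr_upper_bound(uint32_t results, uint32_t frame, uint32_t tbtt)
{
    return results * (frame / tbtt);
}

int main(void)
{
    uint32_t bound = rnr_upper_bound(1000, 4096, 11);

    printf("u8  index, 255 entries: %u\n", (unsigned)walk_u8(255));
    printf("u8  index, 256 entries: %s\n",
           walk_u8(256) == NO_TERMINATION ? "never terminates" : "ok");
    printf("u32 index, 256 entries: %u\n", (unsigned)walk_u32(256));
    printf("upper bound: %u entries\n", (unsigned)bound);
    return 0;
}
```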