| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022653-CVE-2022-49416-7c8e@gregkh> Date: Wed, 26 Feb 2025 03:11:30 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49416: wifi: mac80211: fix use-after-free in chanctx code Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in ieee80211_vif_use_reserved_reassign(). Therefore, we cannot check the old_ctx anymore, so we should set it to NULL after this point. However, since the new_ctx replace state is clearly not IEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do anything else in this function and can just return to avoid accessing the freed old_ctx. The Linux kernel CVE team has assigned CVE-2022-49416 to this issue. Affected and fixed versions =========================== Issue introduced in 3.17 with commit 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f and fixed in 4.9.318 with commit 88cc8f963febe192d6ded9df7217f92f380b449a Issue introduced in 3.17 with commit 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f and fixed in 4.14.283 with commit 4ba81e794f0fad6234f644c2da1ae14d5b95e1c4 Issue introduced in 3.17 with commit 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f and fixed in 4.19.247 with commit 9f1e5cc85ad77e52f54049a94db0407445ae2a34 Issue introduced in 3.17 with commit 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f and fixed in 5.4.198 with commit 265bec4779a38b65e86a25120370f200822dfa76 Issue introduced in 3.17 with commit 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f and fixed in 5.10.121 with commit 6118bbdf69f4718b02d26bbcf2e497eb66004331 Issue introduced in 3.17 with commit 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f and fixed in 5.15.46 with commit b79110f2bf6022e60e590d2e094728a8eec3e79e Issue introduced in 3.17 with commit 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f and fixed in 5.17.14 with commit 82c8e7bbdd06c7ed58e22450cc5b37f33a25bb2c Issue introduced in 3.17 with commit 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f and fixed in 5.18.3 with commit 4f05a9e15edcdf5b97e0d86ab6ecd5f187289f6c Issue introduced in 3.17 with commit 5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f and fixed in 5.19 with commit 2965c4cdf7ad9ce0796fac5e57debb9519ea721e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49416 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/mac80211/chan.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/88cc8f963febe192d6ded9df7217f92f380b449a https://git.kernel.org/stable/c/4ba81e794f0fad6234f644c2da1ae14d5b95e1c4 https://git.kernel.org/stable/c/9f1e5cc85ad77e52f54049a94db0407445ae2a34 https://git.kernel.org/stable/c/265bec4779a38b65e86a25120370f200822dfa76 https://git.kernel.org/stable/c/6118bbdf69f4718b02d26bbcf2e497eb66004331 https://git.kernel.org/stable/c/b79110f2bf6022e60e590d2e094728a8eec3e79e https://git.kernel.org/stable/c/82c8e7bbdd06c7ed58e22450cc5b37f33a25bb2c https://git.kernel.org/stable/c/4f05a9e15edcdf5b97e0d86ab6ecd5f187289f6c https://git.kernel.org/stable/c/2965c4cdf7ad9ce0796fac5e57debb9519ea721e
Powered by blists - more mailing lists