| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061807-CVE-2022-49942-8f93@gregkh> Date: Wed, 18 Jun 2025 13:00:07 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-49942: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel "switch" announcement doesn't make any sense. The BSS list is empty in that case. This causes the for loop in cfg80211_get_bss() to be bypassed, so the function returns NULL (check line 1424 of net/wireless/scan.c), causing the WARN_ON() in ieee80211_ibss_csa_beacon() to get triggered (check line 500 of net/mac80211/ibss.c), which was consequently reported on the syzkaller dashboard. Thus, check if we have an existing connection before generating the CSA beacon in ieee80211_ibss_finish_csa(). The Linux kernel CVE team has assigned CVE-2022-49942 to this issue. Affected and fixed versions =========================== Issue introduced in 3.13 with commit cd7760e62c2ac8581f050b2d36501d1a60beaf83 and fixed in 4.9.328 with commit cdb9a8da9b84800eb15506cd9363cf0cf059e677 Issue introduced in 3.13 with commit cd7760e62c2ac8581f050b2d36501d1a60beaf83 and fixed in 4.14.293 with commit 1691a48aef0a82d1754b9853dae7e3f5cacdf70b Issue introduced in 3.13 with commit cd7760e62c2ac8581f050b2d36501d1a60beaf83 and fixed in 4.19.258 with commit d9eb37db6a28b59a95a3461450ee209654c5f95b Issue introduced in 3.13 with commit cd7760e62c2ac8581f050b2d36501d1a60beaf83 and fixed in 5.4.213 with commit 66689c5c02acd4d76c28498fe220998610aec61e Issue introduced in 3.13 with commit cd7760e62c2ac8581f050b2d36501d1a60beaf83 and fixed in 5.10.142 with commit dd649b49219a0388cc10fc40e4c2ea681566a780 Issue introduced in 3.13 with commit cd7760e62c2ac8581f050b2d36501d1a60beaf83 and fixed in 5.15.66 with commit 552ba102a6898630a7d16887f29e606d6fabe508 Issue introduced in 3.13 with commit cd7760e62c2ac8581f050b2d36501d1a60beaf83 and fixed in 5.19.8 with commit 864e280cb3a9a0f5212b16ef5057c4e692f7039d Issue introduced in 3.13 with commit cd7760e62c2ac8581f050b2d36501d1a60beaf83 and fixed in 6.0 with commit 15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49942 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/mac80211/ibss.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/cdb9a8da9b84800eb15506cd9363cf0cf059e677 https://git.kernel.org/stable/c/1691a48aef0a82d1754b9853dae7e3f5cacdf70b https://git.kernel.org/stable/c/d9eb37db6a28b59a95a3461450ee209654c5f95b https://git.kernel.org/stable/c/66689c5c02acd4d76c28498fe220998610aec61e https://git.kernel.org/stable/c/dd649b49219a0388cc10fc40e4c2ea681566a780 https://git.kernel.org/stable/c/552ba102a6898630a7d16887f29e606d6fabe508 https://git.kernel.org/stable/c/864e280cb3a9a0f5212b16ef5057c4e692f7039d https://git.kernel.org/stable/c/15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0
Powered by blists - more mailing lists