| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 May 2024 14:25:10 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change. The Linux kernel CVE team has assigned CVE-2024-35789 to this issue. Affected and fixed versions =========================== Fixed in 4.19.312 with commit ea9a0cfc07a7 Fixed in 5.4.274 with commit be1dd9254fc1 Fixed in 5.10.215 with commit e8b067c4058c Fixed in 5.15.154 with commit c8bddbd91bc8 Fixed in 6.1.84 with commit 7eeabcea79b6 Fixed in 6.6.24 with commit 6b948b54c8bd Fixed in 6.7.12 with commit 2884a50f5231 Fixed in 6.8.3 with commit e8678551c024 Fixed in 6.9 with commit 4f2bdb3c5e31 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-35789 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/mac80211/cfg.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ea9a0cfc07a7d3601cc680718d9cff0d6927a921 https://git.kernel.org/stable/c/be1dd9254fc115321d6fbee042026d42afc8d931 https://git.kernel.org/stable/c/e8b067c4058c0121ac8ca71559df8e2e08ff1a7e https://git.kernel.org/stable/c/c8bddbd91bc8e42c961a5e2cec20ab879f21100f https://git.kernel.org/stable/c/7eeabcea79b67cc29563e6a9a5c81f9e2c664d5b https://git.kernel.org/stable/c/6b948b54c8bd620725e0c906e44b10c0b13087a7 https://git.kernel.org/stable/c/2884a50f52313a7a911de3afcad065ddbb3d78fc https://git.kernel.org/stable/c/e8678551c0243f799b4859448781cbec1bd6f1cb https://git.kernel.org/stable/c/4f2bdb3c5e3189297e156b3ff84b140423d64685
Powered by blists - more mailing lists