cve/published/2021/CVE-2021-47602.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-47602: mac80211: track only QoS data frames for admission control

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 mac80211: track only QoS data frames for admission control

 For admission control, obviously all of that only works for
 QoS data frames, otherwise we cannot even access the QoS
 field in the header.

 Syzbot reported (see below) an uninitialized value here due
 to a status of a non-QoS nullfunc packet, which isn't even
 long enough to contain the QoS header.

 Fix this to only do anything for QoS data packets.

 The Linux kernel CVE team has assigned CVE-2021-47602 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 3.19 with commit 02219b3abca59fca81711bfe7ee78df7abad97ce and fixed in 4.19.222 with commit 69f054d6642c8f6173724ce17e7ee3ff66b8f682
 	Issue introduced in 3.19 with commit 02219b3abca59fca81711bfe7ee78df7abad97ce and fixed in 5.4.168 with commit 46b9e29db2012a4d2a40a26101862e002ccf387b
 	Issue introduced in 3.19 with commit 02219b3abca59fca81711bfe7ee78df7abad97ce and fixed in 5.10.88 with commit eed897a22230e3231a740eddd7d6d95ba476625f
 	Issue introduced in 3.19 with commit 02219b3abca59fca81711bfe7ee78df7abad97ce and fixed in 5.15.11 with commit 42d08e97b196479f593499e887a9ab81446a34b9
 	Issue introduced in 3.19 with commit 02219b3abca59fca81711bfe7ee78df7abad97ce and fixed in 5.16 with commit d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-47602
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/mac80211/mlme.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/69f054d6642c8f6173724ce17e7ee3ff66b8f682
 	https://git.kernel.org/stable/c/46b9e29db2012a4d2a40a26101862e002ccf387b
 	https://git.kernel.org/stable/c/eed897a22230e3231a740eddd7d6d95ba476625f
 	https://git.kernel.org/stable/c/42d08e97b196479f593499e887a9ab81446a34b9
 	https://git.kernel.org/stable/c/d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-47602: mac80211: track only QoS data frames for admission control

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	mac80211: track only QoS data frames for admission control

	For admission control, obviously all of that only works for
	QoS data frames, otherwise we cannot even access the QoS
	field in the header.

	Syzbot reported (see below) an uninitialized value here due
	to a status of a non-QoS nullfunc packet, which isn't even
	long enough to contain the QoS header.

	Fix this to only do anything for QoS data packets.

	The Linux kernel CVE team has assigned CVE-2021-47602 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 3.19 with commit 02219b3abca59fca81711bfe7ee78df7abad97ce and fixed in 4.19.222 with commit 69f054d6642c8f6173724ce17e7ee3ff66b8f682
	Issue introduced in 3.19 with commit 02219b3abca59fca81711bfe7ee78df7abad97ce and fixed in 5.4.168 with commit 46b9e29db2012a4d2a40a26101862e002ccf387b
	Issue introduced in 3.19 with commit 02219b3abca59fca81711bfe7ee78df7abad97ce and fixed in 5.10.88 with commit eed897a22230e3231a740eddd7d6d95ba476625f
	Issue introduced in 3.19 with commit 02219b3abca59fca81711bfe7ee78df7abad97ce and fixed in 5.15.11 with commit 42d08e97b196479f593499e887a9ab81446a34b9
	Issue introduced in 3.19 with commit 02219b3abca59fca81711bfe7ee78df7abad97ce and fixed in 5.16 with commit d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47602
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/mac80211/mlme.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/69f054d6642c8f6173724ce17e7ee3ff66b8f682
	https://git.kernel.org/stable/c/46b9e29db2012a4d2a40a26101862e002ccf387b
	https://git.kernel.org/stable/c/eed897a22230e3231a740eddd7d6d95ba476625f
	https://git.kernel.org/stable/c/42d08e97b196479f593499e887a9ab81446a34b9
	https://git.kernel.org/stable/c/d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a