cve/published/2023/CVE-2023-52832.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-52832: wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

 We can get a UBSAN warning if ieee80211_get_tx_power() returns the
 INT_MIN value mac80211 internally uses for "unset power level".

  UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5
  -2147483648 * 100 cannot be represented in type 'int'
  CPU: 0 PID: 20433 Comm: insmod Tainted: G        WC OE
  Call Trace:
   dump_stack+0x74/0x92
   ubsan_epilogue+0x9/0x50
   handle_overflow+0x8d/0xd0
   __ubsan_handle_mul_overflow+0xe/0x10
   nl80211_send_iface+0x688/0x6b0 [cfg80211]
   [...]
   cfg80211_register_wdev+0x78/0xb0 [cfg80211]
   cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211]
   [...]
   ieee80211_if_add+0x60e/0x8f0 [mac80211]
   ieee80211_register_hw+0xda5/0x1170 [mac80211]

 In this case, simply return an error instead, to indicate
 that no data is available.

 The Linux kernel CVE team has assigned CVE-2023-52832 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.14.331 with commit 1571120c44dbe5757aee1612c5b6097cdc42710f
 	Fixed in 4.19.300 with commit 298e767362cade639b7121ecb3cc5345b6529f62
 	Fixed in 5.4.262 with commit efeae5f4972f75d50002bc50eb112ab9e7069b18
 	Fixed in 5.10.202 with commit 717de20abdcd1d4993fa450e28b8086a352620ea
 	Fixed in 5.15.140 with commit 21a0f310a9f3bfd2b4cf4f382430e638607db846
 	Fixed in 6.1.64 with commit 2be24c47ac19bf639c48c082486c08888bd603c6
 	Fixed in 6.5.13 with commit adc2474d823fe81d8da759207f4f1d3691aa775a
 	Fixed in 6.6.3 with commit 5a94cffe90e20e8fade0b9abd4370bd671fe87c7
 	Fixed in 6.7 with commit e160ab85166e77347d0cbe5149045cb25e83937f

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-52832
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/mac80211/cfg.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f
 	https://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62
 	https://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18
 	https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea
 	https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846
 	https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6
 	https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a
 	https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7
 	https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-52832: wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

	We can get a UBSAN warning if ieee80211_get_tx_power() returns the
	INT_MIN value mac80211 internally uses for "unset power level".

	UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5
	-2147483648 * 100 cannot be represented in type 'int'
	CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE
	Call Trace:
	dump_stack+0x74/0x92
	ubsan_epilogue+0x9/0x50
	handle_overflow+0x8d/0xd0
	__ubsan_handle_mul_overflow+0xe/0x10
	nl80211_send_iface+0x688/0x6b0 [cfg80211]
	[...]
	cfg80211_register_wdev+0x78/0xb0 [cfg80211]
	cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211]
	[...]
	ieee80211_if_add+0x60e/0x8f0 [mac80211]
	ieee80211_register_hw+0xda5/0x1170 [mac80211]

	In this case, simply return an error instead, to indicate
	that no data is available.

	The Linux kernel CVE team has assigned CVE-2023-52832 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.14.331 with commit 1571120c44dbe5757aee1612c5b6097cdc42710f
	Fixed in 4.19.300 with commit 298e767362cade639b7121ecb3cc5345b6529f62
	Fixed in 5.4.262 with commit efeae5f4972f75d50002bc50eb112ab9e7069b18
	Fixed in 5.10.202 with commit 717de20abdcd1d4993fa450e28b8086a352620ea
	Fixed in 5.15.140 with commit 21a0f310a9f3bfd2b4cf4f382430e638607db846
	Fixed in 6.1.64 with commit 2be24c47ac19bf639c48c082486c08888bd603c6
	Fixed in 6.5.13 with commit adc2474d823fe81d8da759207f4f1d3691aa775a
	Fixed in 6.6.3 with commit 5a94cffe90e20e8fade0b9abd4370bd671fe87c7
	Fixed in 6.7 with commit e160ab85166e77347d0cbe5149045cb25e83937f

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52832
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/mac80211/cfg.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f
	https://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62
	https://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18
	https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea
	https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846
	https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6
	https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a
	https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7
	https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f