From bippy-1.2.0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@kernel.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2024-35789: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes

When moving a station out of a VLAN and deleting the VLAN afterwards, the
fast_rx entry still holds a pointer to the VLAN's netdev, which can cause
use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx
after the VLAN change.

The Linux kernel CVE team has assigned CVE-2024-35789 to this issue.

Affected and fixed versions
===========================

Issue introduced in 4.19.189 with commit a7f1721684628b8ae6015bca9a176046ee6f30cc and fixed in 4.19.312 with commit ea9a0cfc07a7d3601cc680718d9cff0d6927a921
Issue introduced in 5.4.114 with commit bd7e90c82850f49c23004d54de14e46d373748a6 and fixed in 5.4.274 with commit be1dd9254fc115321d6fbee042026d42afc8d931
Issue introduced in 5.10.32 with commit cc413b375c6d95e68a4629cb1ba9d099de78ebb9 and fixed in 5.10.215 with commit e8b067c4058c0121ac8ca71559df8e2e08ff1a7e
Issue introduced in 5.12 with commit dd0b45538146cb6a54d6da7663b8c3afd16ebcfd and fixed in 5.15.154 with commit c8bddbd91bc8e42c961a5e2cec20ab879f21100f
Issue introduced in 5.12 with commit dd0b45538146cb6a54d6da7663b8c3afd16ebcfd and fixed in 6.1.84 with commit 7eeabcea79b67cc29563e6a9a5c81f9e2c664d5b
Issue introduced in 5.12 with commit dd0b45538146cb6a54d6da7663b8c3afd16ebcfd and fixed in 6.6.24 with commit 6b948b54c8bd620725e0c906e44b10c0b13087a7
Issue introduced in 5.12 with commit dd0b45538146cb6a54d6da7663b8c3afd16ebcfd and fixed in 6.7.12 with commit 2884a50f52313a7a911de3afcad065ddbb3d78fc
Issue introduced in 5.12 with commit dd0b45538146cb6a54d6da7663b8c3afd16ebcfd and fixed in 6.8.3 with commit e8678551c0243f799b4859448781cbec1bd6f1cb
Issue introduced in 5.12 with commit dd0b45538146cb6a54d6da7663b8c3afd16ebcfd and fixed in 6.9 with commit 4f2bdb3c5e3189297e156b3ff84b140423d64685
Issue introduced in 4.14.232 with commit 22bc2a4814440c4a8979a381f46fec5d224f5c11
Issue introduced in 5.11.16 with commit 7cfe824f681e1aaac34ea64bb4def8a77801b672
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-35789
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
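
The version list above can be turned into a triage check for upstream-style release strings. This is an added example, not part of the advisory or of any kernel.org tooling; the function names are hypothetical, and it assumes a branch with an "introduced" entry and no "fixed" entry stays affected, and that stable branches after 5.12 without a listed fix never received one.

```python
import re

# Stable branches that received the bug through a backport, copied from the
# list above as (introduced, fixed). None means no fix is listed for the branch.
BACKPORTED = {
    (4, 14): ((4, 14, 232), None),
    (4, 19): ((4, 19, 189), (4, 19, 312)),
    (5, 4): ((5, 4, 114), (5, 4, 274)),
    (5, 10): ((5, 10, 32), (5, 10, 215)),
    (5, 11): ((5, 11, 16), None),
}
MAINLINE_INTRODUCED = (5, 12, 0)
MAINLINE_FIXED = (6, 9, 0)
# First fixed release of each stable branch that forked after 5.12.
STABLE_FIXED = {
    (5, 15): (5, 15, 154),
    (6, 1): (6, 1, 84),
    (6, 6): (6, 6, 24),
    (6, 7): (6, 7, 12),
    (6, 8): (6, 8, 3),
}


def parse_release(release):
    """Turn '6.1.83-generic' into (6, 1, 83); suffixes such as -rc1 are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("not a kernel release string: %r" % release)
    return (int(m[1]), int(m[2]), int(m[3] or 0))


def is_affected(release):
    """True if the upstream version falls inside a range listed in the advisory."""
    version = parse_release(release)
    branch = version[:2]
    if branch in BACKPORTED:
        introduced, fixed = BACKPORTED[branch]
        return version >= introduced and (fixed is None or version < fixed)
    if version < MAINLINE_INTRODUCED or version >= MAINLINE_FIXED:
        return False
    fixed = STABLE_FIXED.get(branch)
    return fixed is None or version < fixed
```

Pass it the output of `uname -r`. Distribution kernels often carry backported fixes under an older version number, so a positive result means checking the vendor changelog for the fix commits, not a confirmed exposure.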

Affected files
==============

The file(s) affected by this issue are:
	net/mac80211/cfg.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/ea9a0cfc07a7d3601cc680718d9cff0d6927a921
https://git.kernel.org/stable/c/be1dd9254fc115321d6fbee042026d42afc8d931
https://git.kernel.org/stable/c/e8b067c4058c0121ac8ca71559df8e2e08ff1a7e
https://git.kernel.org/stable/c/c8bddbd91bc8e42c961a5e2cec20ab879f21100f
https://git.kernel.org/stable/c/7eeabcea79b67cc29563e6a9a5c81f9e2c664d5b
https://git.kernel.org/stable/c/6b948b54c8bd620725e0c906e44b10c0b13087a7
https://git.kernel.org/stable/c/2884a50f52313a7a911de3afcad065ddbb3d78fc
https://git.kernel.org/stable/c/e8678551c0243f799b4859448781cbec1bd6f1cb
https://git.kernel.org/stable/c/4f2bdb3c5e3189297e156b3ff84b140423d64685