cve/published/2024/CVE-2024-43841.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-43841: wifi: virt_wifi: avoid reporting connection success with wrong SSID

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 wifi: virt_wifi: avoid reporting connection success with wrong SSID

 When user issues a connection with a different SSID than the one
 virt_wifi has advertised, the __cfg80211_connect_result() will
 trigger the warning: WARN_ON(bss_not_found).

 The issue is because the connection code in virt_wifi does not
 check the SSID from user space (it only checks the BSSID), and
 virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS
 even if the SSID is different from the one virt_wifi has advertised.
 Eventually cfg80211 won't be able to find the cfg80211_bss and generate
 the warning.

 Fixed it by checking the SSID (from user space) in the connection code.

 The Linux kernel CVE team has assigned CVE-2024-43841 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 5.4.282 with commit 994fc2164a03200c3bf42fb45b3d49d9d6d33a4d
 	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 5.10.224 with commit 05c4488a0e446c6ccde9f22b573950665e1cd414
 	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 5.15.165 with commit 93e898a264b4e0a475552ba9f99a016eb43ef942
 	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 6.1.103 with commit d3cc85a10abc8eae48988336cdd3689ab92581b3
 	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 6.6.44 with commit 36e92b5edc8e0daa18e9325674313802ce3fbc29
 	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 6.10.3 with commit 416d3c1538df005195721a200b0371d39636e05d
 	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 6.11 with commit b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-43841
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/wireless/virtual/virt_wifi.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d
 	https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414
 	https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942
 	https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3
 	https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29
 	https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d
 	https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-43841: wifi: virt_wifi: avoid reporting connection success with wrong SSID

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	wifi: virt_wifi: avoid reporting connection success with wrong SSID

	When user issues a connection with a different SSID than the one
	virt_wifi has advertised, the __cfg80211_connect_result() will
	trigger the warning: WARN_ON(bss_not_found).

	The issue is because the connection code in virt_wifi does not
	check the SSID from user space (it only checks the BSSID), and
	virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS
	even if the SSID is different from the one virt_wifi has advertised.
	Eventually cfg80211 won't be able to find the cfg80211_bss and generate
	the warning.

	Fixed it by checking the SSID (from user space) in the connection code.

	The Linux kernel CVE team has assigned CVE-2024-43841 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 5.4.282 with commit 994fc2164a03200c3bf42fb45b3d49d9d6d33a4d
	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 5.10.224 with commit 05c4488a0e446c6ccde9f22b573950665e1cd414
	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 5.15.165 with commit 93e898a264b4e0a475552ba9f99a016eb43ef942
	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 6.1.103 with commit d3cc85a10abc8eae48988336cdd3689ab92581b3
	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 6.6.44 with commit 36e92b5edc8e0daa18e9325674313802ce3fbc29
	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 6.10.3 with commit 416d3c1538df005195721a200b0371d39636e05d
	Issue introduced in 5.0 with commit c7cdba31ed8b87526db978976392802d3f93110c and fixed in 6.11 with commit b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-43841
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/wireless/virtual/virt_wifi.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d
	https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414
	https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942
	https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3
	https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29
	https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d
	https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7