Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 587da9fcbc97237dbbb466c355d2cb547ac64da1
commit587da9fcbc97237dbbb466c355d2cb547ac64da1[log] [tgz]
authorSrikanth Marepalli <quic_srimarep@quicinc.com>Thu Nov 10 21:42:21 2022 +0530
committerSrikanth Marepalli <quic_srimarep@quicinc.com>Thu Nov 10 21:42:21 2022 +0530
treed7320f511bc26458476687e6fa8446bf2f6a2c8a
parent2dc5013d4a6ea208ea3b2d2f8c8ebd42e6ff46e1 [diff]
wifi: cfg80211: avoid nontransmitted BSS list corruption

If a non-transmitted BSS shares enough information (both
SSID and BSSID!) with another non-transmitted BSS of a
different AP, then we can find and update it, and then
try to add it to the non-transmitted BSS list. We do a
search for it on the transmitted BSS, but if it's not
there (but belongs to another transmitted BSS), the list
gets corrupted.

Since this is an erroneous situation, simply fail the
list insertion in this case and free the non-transmitted
BSS.

This fixes CVE-2022-42721.

Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
Link: https://lore.kernel.org/all/20221013175145.382242160@linuxfoundation.org/
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: bcca852027e5878aec911a347407ecc88d6fff7f
Git-repo: https://android.googlesource.com/kernel/common

Change-Id: Icb2106b5ac5ff5e3ecb50bd09440bce5560fbb05
Signed-off-by: Srikanth Marepalli <quic_srimarep@quicinc.com>
1 file changed
tree: d7320f511bc26458476687e6fa8446bf2f6a2c8a
  1. android/
  2. arch/
  3. block/
  4. certs/
  5. crypto/
  6. Documentation/
  7. drivers/
  8. firmware/
  9. fs/
  10. include/
  11. init/
  12. ipc/
  13. kernel/
  14. lib/
  15. LICENSES/
  16. mm/
  17. net/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. techpack/
  23. tools/
  24. usr/
  25. virt/
  26. .clang-format
  27. .cocciconfig
  28. .get_maintainer.ignore
  29. .gitattributes
  30. .gitignore
  31. .mailmap
  32. Android.bp
  33. AndroidKernel.mk
  34. build.config.aarch64
  35. build.config.allmodconfig
  36. build.config.allmodconfig.aarch64
  37. build.config.allmodconfig.arm
  38. build.config.allmodconfig.x86_64
  39. build.config.arm
  40. build.config.common
  41. build.config.gki
  42. build.config.gki-debug.aarch64
  43. build.config.gki-debug.x86_64
  44. build.config.gki.aarch64
  45. build.config.gki.x86_64
  46. build.config.gki_kasan
  47. build.config.gki_kasan.aarch64
  48. build.config.gki_kasan.x86_64
  49. build.config.goldfish.arm
  50. build.config.goldfish.arm64
  51. build.config.goldfish.mips
  52. build.config.goldfish.mips64
  53. build.config.goldfish.x86
  54. build.config.goldfish.x86_64
  55. build.config.x86_64
  56. COPYING
  57. CREDITS
  58. gen_headers_arm.bp
  59. gen_headers_arm64.bp
  60. Kbuild
  61. Kconfig
  62. kernel_headers.py
  63. MAINTAINERS
  64. Makefile
  65. README
  66. verity_dev_keys.x509