Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 587da9fc authored by Srikanth Marepalli's avatar Srikanth Marepalli
Browse files

wifi: cfg80211: avoid nontransmitted BSS list corruption 



If a non-transmitted BSS shares enough information (both
SSID and BSSID!) with another non-transmitted BSS of a
different AP, then we can find and update it, and then
try to add it to the non-transmitted BSS list. We do a
search for it on the transmitted BSS, but if it's not
there (but belongs to another transmitted BSS), the list
gets corrupted.

Since this is an erroneous situation, simply fail the
list insertion in this case and free the non-transmitted
BSS.

This fixes CVE-2022-42721.

Reported-by: default avatarSönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: default avatarSönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
Link: https://lore.kernel.org/all/20221013175145.382242160@linuxfoundation.org/


Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Git-commit: bcca852027e5878aec911a347407ecc88d6fff7f
Git-repo: https://android.googlesource.com/kernel/common



Change-Id: Icb2106b5ac5ff5e3ecb50bd09440bce5560fbb05
Signed-off-by: default avatarSrikanth Marepalli <quic_srimarep@quicinc.com>
parent 2dc5013d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment