5.5

CVE-2022-49942

wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected

When we are not connected to a channel, sending channel "switch"
announcement doesn't make any sense.

The BSS list is empty in that case. This causes the for loop in
cfg80211_get_bss() to be bypassed, so the function returns NULL
(check line 1424 of net/wireless/scan.c), causing the WARN_ON()
in ieee80211_ibss_csa_beacon() to get triggered (check line 500
of net/mac80211/ibss.c), which was consequently reported on the
syzkaller dashboard.

Thus, check if we have an existing connection before generating
the CSA beacon in ieee80211_ibss_finish_csa().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.13 < 4.9.328
LinuxLinux Kernel Version >= 4.10 < 4.14.293
LinuxLinux Kernel Version >= 4.15 < 4.19.258
LinuxLinux Kernel Version >= 4.20 < 5.4.213
LinuxLinux Kernel Version >= 5.5 < 5.10.142
LinuxLinux Kernel Version >= 5.11 < 5.15.66
LinuxLinux Kernel Version >= 5.16 < 5.19.8
LinuxLinux Kernel Version6.0 Updaterc1
LinuxLinux Kernel Version6.0 Updaterc2
LinuxLinux Kernel Version6.0 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.12
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/cdb9a8da9b84800eb15506cd9363cf0cf059e677
Patch
https://git.kernel.org/stable/c/1691a48aef0a82d1754b9853dae7e3f5cacdf70b
Patch
https://git.kernel.org/stable/c/d9eb37db6a28b59a95a3461450ee209654c5f95b
Patch
https://git.kernel.org/stable/c/66689c5c02acd4d76c28498fe220998610aec61e
Patch
https://git.kernel.org/stable/c/dd649b49219a0388cc10fc40e4c2ea681566a780
Patch
https://git.kernel.org/stable/c/552ba102a6898630a7d16887f29e606d6fabe508
Patch
https://git.kernel.org/stable/c/864e280cb3a9a0f5212b16ef5057c4e692f7039d
Patch
https://git.kernel.org/stable/c/15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0
Patch