Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211_hwsim: fix typo in frequency notification

The NAN notification is for 5745 MHz, which corresponds to channel 149, and not 5475, which is not actually a valid channel. This could result in a NULL pointer dereference in cfg80211_next_nan_dw_notif.
Report
The mac80211_hwsim virtual WiFi driver contains an incorrect frequency constant, used when generating NAN discovery window notifications on the 5 GHz band, that can lead to a NULL pointer dereference. In mac80211_hwsim_nan_dw_start, the driver calls ieee80211_get_channel with 5475 MHz when nan_curr_dw_band is NL80211_BAND_5GHZ. That frequency does not correspond to a valid channel in typical wiphy channel tables, so ieee80211_get_channel may return NULL. Subsequent NAN notification processing in cfg80211 may then dereference the channel pointer and crash the kernel in cfg80211_next_nan_dw_notif, leading to a denial of service. The issue is most relevant in test and simulation environments where mac80211_hwsim is loaded and NAN simulation is enabled. A local attacker with permissions to configure wireless interfaces and NAN behavior can trigger the faulty path by enabling NAN simulation and causing 5 GHz NAN discovery window scheduling.
Mitigation
To mitigate this issue, prevent module mac80211_hwsim from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
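An added example (not part of the advisory) that audits a host for the mitigation above: it reports whether mac80211_hwsim is currently loaded and whether modprobe configuration blocks it. The function names, the path parameters and the check for an `install ... /bin/false` override alongside the `blacklist` line are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a host for the mac80211_hwsim mitigation.
# File and directory paths are parameters so fixtures can be used in tests.
MODULE=mac80211_hwsim

# 0 if the module is listed in a /proc/modules-style file.
hwsim_loaded() {
    awk -v m="$MODULE" '$1 == m { f = 1 } END { exit !f }' "${1:-/proc/modules}"
}

# 0 if some *.conf line reads "<directive> <module> ..." and, when a pattern
# is given, its third field matches it. modprobe treats "-" and "_" alike,
# so the name is normalised before comparing; "#" comment lines never match.
hwsim_conf_has() {
    directive=$1; conf_dir=$2; pattern=${3:-}
    cat "$conf_dir"/*.conf 2>/dev/null |
        awk -v d="$directive" -v m="$MODULE" -v p="$pattern" '
            { n = $2; gsub(/-/, "_", n) }
            $1 == d && n == m && (p == "" || $3 ~ p) { f = 1 }
            END { exit !f }'
}

# "blacklist" only stops alias-based autoloading.
hwsim_blacklisted() { hwsim_conf_has blacklist "${1:-/etc/modprobe.d}"; }

# "install <module> /bin/false" (or /bin/true) also defeats an explicit modprobe.
hwsim_install_disabled() {
    hwsim_conf_has install "${1:-/etc/modprobe.d}" '/(false|true)$'
}

# Verdict as exit status: 0 = not loaded and blocked,
# 1 = not loaded but still loadable, 2 = loaded right now.
hwsim_audit() {
    modules_file=${1:-/proc/modules}; conf_dir=${2:-/etc/modprobe.d}
    if hwsim_loaded "$modules_file"; then
        echo "$MODULE: LOADED - unload it (modprobe -r) and block it"; return 2
    fi
    if hwsim_blacklisted "$conf_dir" && hwsim_install_disabled "$conf_dir"; then
        echo "$MODULE: not loaded; blacklist and install override present"; return 0
    fi
    echo "$MODULE: not loaded, but modprobe can still load it"; return 1
}
```

Source the file and call `hwsim_audit` with no arguments to check the live host. It reads one configuration directory per call, so pass /usr/lib/modprobe.d or /run/modprobe.d as the second argument to cover those as well.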
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | | |
Additional information
Status:
7.6 High
CVSS3