Commit 88b3da76 authored Oct 01, 2022 by Johannes Berg Committed by Lee Jones Oct 24, 2022

UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption



commit bcca8520 upstream.

If a non-transmitted BSS shares enough information (both
SSID and BSSID!) with another non-transmitted BSS of a
different AP, then we can find and update it, and then
try to add it to the non-transmitted BSS list. We do a
search for it on the transmitted BSS, but if it's not
there (but belongs to another transmitted BSS), the list
gets corrupted.

Since this is an erroneous situation, simply fail the
list insertion in this case and free the non-transmitted
BSS.

This fixes CVE-2022-42721.

Bug: 253642088
Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes: 0b8fb823 ("cfg80211: Parsing of Multiple BSSID information in scanning")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: If83261f8b711f5ad0ce922abea2c35fedbc36c39

parent 1e18328c

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit a343788c
· Nov 05, 2025

mentioned in commit a343788c

mentioned in commit a343788c139066e500a09efa07f3cda159699e1d

Toggle commit list

Please to comment