Commit a343788c authored by Johannes Berg's avatar Johannes Berg Committed by Robin Peng
Browse files

UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption 



commit bcca8520 upstream.

If a non-transmitted BSS shares enough information (both
SSID and BSSID!) with another non-transmitted BSS of a
different AP, then we can find and update it, and then
try to add it to the non-transmitted BSS list. We do a
search for it on the transmitted BSS, but if it's not
there (but belongs to another transmitted BSS), the list
gets corrupted.

Since this is an erroneous situation, simply fail the
list insertion in this case and free the non-transmitted
BSS.

This fixes CVE-2022-42721.

Bug: 253642088
Bug: 256770696
Reported-by: default avatarSönke Huster <shuster@seemoo.tu-darmstadt.de>
Tested-by: default avatarSönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes: 0b8fb823 ("cfg80211: Parsing of Multiple BSSID information in scanning")
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarLee Jones <joneslee@google.com>
Change-Id: If83261f8b711f5ad0ce922abea2c35fedbc36c39
(cherry picked from commit 88b3da76)
parent 75200217
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment