wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually currently in use. Unused priv pointers do not have a wiphy attached to them which can lead to NULL pointer dereferences further down the callstack. Fix this by returning only used priv pointers which have priv->bss_mode set to something else than NL80211_IFTYPE_UNSPECIFIED.
Said NULL pointer dereference happened when an Accesspoint was started with wpa_supplicant -i mlan0 with this config:
network={ ssid="somessid" mode=2 frequency=2412 key_mgmt=WPA-PSK WPA-PSK-SHA256 proto=RSN group=CCMP pairwise=CCMP psk="12345678" }
When waiting for the AP to be established, interrupting wpa_supplicant with and starting it again this happens:
| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140 | Mem abort info: | ESR = 0x0000000096000004 | EC = 0x25: DABT (current EL), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | FSC = 0x04: level 0 translation fault | Data abort info: | ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 | CM = 0, WnR = 0, TnD = 0, TagAccess = 0 | GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 | user pgtable: 4k pages, 48-bit VAs, pgdp=0000000046d96000 | [0000000000000140] pgd=0000000000000000, p4d=0000000000000000 | Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP | Modules linked in: caam_jr caamhash_desc spidev caamalg_desc crypto_engine authenc libdes mwifiex_sdio +mwifiex crct10dif_ce cdc_acm onboard_usb_hub fsl_imx8_ddr_perf imx8m_ddrc rtc_ds1307 lm75 rtc_snvs +imx_sdma caam imx8mm_thermal spi_imx error imx_cpufreq_dt fuse ip_tables x_tables ipv6 | CPU: 0 PID: 8 Comm: kworker/0:1 Not tainted 6.9.0-00007-g937242013fce-dirty #18 | Hardware name: somemachine (DT) | Workqueue: events sdio_irq_work | pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : mwifiex_get_cfp+0xd8/0x15c [mwifiex] | lr : mwifiex_get_cfp+0x34/0x15c [mwifiex] | sp : ffff8000818b3a70 | x29: ffff8000818b3a70 x28: ffff000006bfd8a5 x27: 0000000000000004 | x26: 000000000000002c x25: 0000000000001511 x24: 0000000002e86bc9 | x23: ffff000006bfd996 x22: 0000000000000004 x21: ffff000007bec000 | x20: 000000000000002c x19: 0000000000000000 x18: 0000000000000000 | x17: 000000040044ffff x16: 00500072b5503510 x15: ccc283740681e517 | x14: 0201000101006d15 x13: 0000000002e8ff43 x12: 002c01000000ffb1 | x11: 0100000000000000 x10: 02e8ff43002c0100 x9 : 0000ffb100100157 | x8 : ffff000003d20000 x7 : 00000000000002f1 x6 : 00000000ffffe124 | x5 : 0000000000000001 x4 : 0000000000000003 x3 : 0000000000000000 | x2 : 0000000000000000 x1 : 0001000000011001 x0 : 0000000000000000 | Call trace: | mwifiex_get_cfp+0xd8/0x15c [mwifiex] | mwifiex_parse_single_response_buf+0x1d0/0x504 [mwifiex] | mwifiex_handle_event_ext_scan_report+0x19c/0x2f8 [mwifiex] | mwifiex_process_sta_event+0x298/0xf0c [mwifiex] | mwifiex_process_event+0x110/0x238 [mwifiex] | mwifiex_main_process+0x428/0xa44 [mwifiex] | mwifiex_sdio_interrupt+0x64/0x12c [mwifiex_sdio] | process_sdio_pending_irqs+0x64/0x1b8 | sdio_irq_work+0x4c/0x7c | process_one_work+0x148/0x2a0 | worker_thread+0x2fc/0x40c | kthread+0x110/0x114 | ret_from_fork+0x10/0x20 | Code: a94153f3 a8c37bfd d50323bf d65f03c0 (f940a000) | ---[ end trace 0000000000000000 ]---
Affected products
98- osv-coords97 versionspkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-coco_debug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_3&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_3&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_20&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_4&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-source-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/kernel-syms-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_62&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 6.4.0-150600.23.25.1+ 96 more
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 5.14.21-150500.33.69.1
- (no CPE)range: < 6.4.0-150600.8.14.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 6.4.0-150600.23.25.1.150600.12.10.2
- (no CPE)range: < 5.14.21-150500.55.83.1.150500.6.37.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.2
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 6.4.0-150600.23.25.2
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 6.4.0-150600.10.14.1
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 6.4.0-150600.10.14.1
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 5.14.21-150500.33.69.1
- (no CPE)range: < 6.4.0-150600.8.14.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 6.4.0-150600.10.14.1
- (no CPE)range: < 5.14.21-150500.33.69.1
- (no CPE)range: < 6.4.0-150600.8.14.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 6.4.0-150600.10.14.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 5.14.21-150500.33.69.1
- (no CPE)range: < 6.4.0-150600.8.14.1
- (no CPE)range: < 6.4.0-15061.6.coco15sp6.1
- (no CPE)range: < 6.4.0-15061.6.coco15sp6.1
- (no CPE)range: < 5.14.21-150500.55.83.1.150500.6.37.1
- (no CPE)range: < 5.14.21-150500.55.83.1.150500.6.37.1
- (no CPE)range: < 6.4.0-150600.23.25.1.150600.12.10.2
- (no CPE)range: < 6.4.0-17.1.1.51
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 6.4.0-20.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.2
- (no CPE)range: < 6.4.0-20.1
- (no CPE)range: < 1-1.2
- (no CPE)range: < 1-1.2
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150600.1.3.1
- (no CPE)range: < 1-150600.13.3.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.2
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 6.4.0-150600.10.14.1
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 6.4.0-11.1
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 6.4.0-150600.10.14.1
- (no CPE)range: < 5.14.21-150500.33.69.1
- (no CPE)range: < 6.4.0-150600.8.14.1
- (no CPE)range: < 6.4.0-15061.6.coco15sp6.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 6.4.0-20.1
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 6.4.0-11.1
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 6.4.0-150600.10.14.1
- (no CPE)range: < 5.14.21-150500.33.69.1
- (no CPE)range: < 6.4.0-150600.8.14.1
- (no CPE)range: < 6.4.0-15061.6.coco15sp6.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 4.12.14-122.234.1
- (no CPE)range: < 5.14.21-150500.13.73.1
- (no CPE)range: < 6.4.0-150600.10.14.1
- (no CPE)range: < 5.14.21-150500.55.83.1
- (no CPE)range: < 6.4.0-150600.23.25.1
- (no CPE)range: < 1-8.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/1a05d8d02cfa3540ea5dbd6b39446bd3f515521fmitre
- git.kernel.org/stable/c/9813770f25855b866b8ead8155b8806b2db70f6dmitre
- git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7amitre
- git.kernel.org/stable/c/c145eea2f75ff7949392aebecf7ef0a81c1f6c14mitre
- git.kernel.org/stable/c/c16916dd6c16fa7e13ca3923eb6b9f50d848ad03mitre
- git.kernel.org/stable/c/c2618dcb26c7211342b54520b5b148c0d3471c8amitre
- git.kernel.org/stable/c/cb67b2e51b75f1a17bee7599c8161b96e1808a70mitre
- git.kernel.org/stable/c/d834433ff313838a259bb6607055ece87b895b66mitre
News mentions
0No linked articles in our index yet.