CVE-2024-57898
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: clear link ID from bitmap during link delete after clean up
Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functions require the link ID to remain in the valid_links bitmap. One such example is cfg80211_cac_event(). The flow is -
nl80211_remove_link() cfg80211_remove_link() ieee80211_del_intf_link() ieee80211_vif_set_links() ieee80211_vif_update_links() ieee80211_link_stop() cfg80211_cac_event()
cfg80211_cac_event() requires link ID to be present but it is cleared already in cfg80211_remove_link(). Ultimately, WARN_ON() is hit.
Therefore, clear the link ID from the bitmap only after completing the link clean-up.
Affected products
5- osv-coords3 versionspkg:deb/ubuntu/linux-lowlatency@6.11.0-1011.12?arch=source&distro=oracularpkg:deb/ubuntu/linux-raspi@6.11.0-1010.10?arch=source&distro=oracularpkg:linux/kernel
< 6.11.0-1011.12+ 2 more
- (no CPE)range: < 6.11.0-1011.12
- (no CPE)range: < 6.11.0-1010.10
- (no CPE)range: >= 6.12.0, < 6.12.9
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.