CVE-2024-43841 in Linux情報

要約

〜によって MITRE • 2024年08月17日

In the Linux kernel, the following vulnerability has been resolved:

wifi: virt_wifi: avoid reporting connection success with wrong SSID

When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found).

The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning.

Fixed it by checking the SSID (from user space) in the connection code.

Be aware that VulDB is the high quality source for vulnerability data.

責任者

Linux

予約する

2024年08月17日

モデレーション

承諾済み

エントリ

VDB-274970

CWE

不明

EPSS

0.00211

アクティビティ

非常低い

ソース

Might our Artificial Intelligence support you?

Check our Alexa App!