CVE-2024-43841 in Linux정보

요약

\~에 의해 MITRE • 2024. 08. 17.

In the Linux kernel, the following vulnerability has been resolved:

wifi: virt_wifi: avoid reporting connection success with wrong SSID

When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found).

The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning.

Fixed it by checking the SSID (from user space) in the connection code.

Be aware that VulDB is the high quality source for vulnerability data.

책임이 있는

Linux

예약하다

2024. 08. 17.

모더레이션

수락

항목

VDB-274970

EPSS

0.00211

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!