Lucene search

K
cvelistLinuxCVELIST:CVE-2024-26682
HistoryApr 02, 2024 - 7:01 a.m.

CVE-2024-26682 wifi: mac80211: improve CSA/ECSA connection refusal

2024-04-0207:01:45
Linux
www.cve.org
linux kernel
wifi improvement
channel switching
probe response
security fix

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: improve CSA/ECSA connection refusal

As mentioned in the previous commit, we pretty quickly found
that some APs have ECSA elements stuck in their probe response,
so using that to not attempt to connect while CSA is happening
we never connect to such an AP.

Improve this situation by checking more carefully and ignoring
the ECSA if cfg80211 has previously detected the ECSA element
being stuck in the probe response.

Additionally, allow connecting to an AP that’s switching to a
channel it’s already using, unless it’s using quiet mode. In
this case, we may just have to adjust bandwidth later. If it’s
actually switching channels, it’s better not to try to connect
in the middle of that.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/mac80211/mlme.c"
    ],
    "versions": [
      {
        "version": "c09c4f31998b",
        "lessThan": "ea88bde8e3fe",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c09c4f31998b",
        "lessThan": "35e2385dbe78",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/mac80211/mlme.c"
    ],
    "versions": [
      {
        "version": "6.7",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.7",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.5",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-26682