CVE-2024-43841 wifi: virt_wifi: avoid reporting connection success with wrong SSID

2024-08-1709:21:56

Linux

www.cve.org

linux kernel

virt_wifi

ssid mismatch

security vulnerability

EPSS

Percentile

10.8%

JSON

In the Linux kernel, the following vulnerability has been resolved:

wifi: virt_wifi: avoid reporting connection success with wrong SSID

When user issues a connection with a different SSID than the one
virt_wifi has advertised, the __cfg80211_connect_result() will
trigger the warning: WARN_ON(bss_not_found).

The issue is because the connection code in virt_wifi does not
check the SSID from user space (it only checks the BSSID), and
virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS
even if the SSID is different from the one virt_wifi has advertised.
Eventually cfg80211 won’t be able to find the cfg80211_bss and generate
the warning.

Fixed it by checking the SSID (from user space) in the connection code.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/virtual/virt_wifi.c"
    ],
    "versions": [
      {
        "version": "c7cdba31ed8b",
        "lessThan": "994fc2164a03",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c7cdba31ed8b",
        "lessThan": "05c4488a0e44",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c7cdba31ed8b",
        "lessThan": "93e898a264b4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c7cdba31ed8b",
        "lessThan": "d3cc85a10abc",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c7cdba31ed8b",
        "lessThan": "36e92b5edc8e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c7cdba31ed8b",
        "lessThan": "416d3c1538df",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c7cdba31ed8b",
        "lessThan": "b5d14b0c6716",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/virtual/virt_wifi.c"
    ],
    "versions": [
      {
        "version": "5.0",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.0",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.282",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.224",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.165",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.103",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.44",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.3",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]