]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - src/patches/linux/linux-5.15-wifi-security-patches-5.patch
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
linux: Update to 5.15.85
[people/pmueller/ipfire-2.x.git] / src / patches / linux / linux-5.15-wifi-security-patches-5.patch
diff --git a/src/patches/linux/linux-5.15-wifi-security-patches-5.patch b/src/patches/linux/linux-5.15-wifi-security-patches-5.patch
deleted file mode 100644 (file)
index c0c4dad..0000000
--- a/src/patches/linux/linux-5.15-wifi-security-patches-5.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 0a8ee682e4f992eccce226b012bba600bb2251e2 Mon Sep 17 00:00:00 2001
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Sat, 1 Oct 2022 00:01:44 +0200
-Subject: [PATCH] wifi: cfg80211: avoid nontransmitted BSS list corruption
-MIME-Version: 1.0
-Content-Type: text/plain; charset=utf8
-Content-Transfer-Encoding: 8bit
-
-commit bcca852027e5878aec911a347407ecc88d6fff7f upstream.
-
-If a non-transmitted BSS shares enough information (both
-SSID and BSSID!) with another non-transmitted BSS of a
-different AP, then we can find and update it, and then
-try to add it to the non-transmitted BSS list. We do a
-search for it on the transmitted BSS, but if it's not
-there (but belongs to another transmitted BSS), the list
-gets corrupted.
-
-Since this is an erroneous situation, simply fail the
-list insertion in this case and free the non-transmitted
-BSS.
-
-This fixes CVE-2022-42721.
-
-Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/wireless/scan.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/net/wireless/scan.c b/net/wireless/scan.c
-index 2e576714e989..a21baf7b3612 100644
---- a/net/wireless/scan.c
-+++ b/net/wireless/scan.c
-@@ -425,6 +425,15 @@ cfg80211_add_nontrans_list(struct cfg80211_bss *trans_bss,
-       rcu_read_unlock();
-+      /*
-+       * This is a bit weird - it's not on the list, but already on another
-+       * one! The only way that could happen is if there's some BSSID/SSID
-+       * shared by multiple APs in their multi-BSSID profiles, potentially
-+       * with hidden SSID mixed in ... ignore it.
-+       */
-+      if (!list_empty(&nontrans_bss->nontrans_list))
-+              return -EINVAL;
-+
-       /* add to the list */
-       list_add_tail(&nontrans_bss->nontrans_list, &trans_bss->nontrans_list);
-       return 0;
--- 
-2.30.2
-
Peter's tree of IPFire 2.x