]> git.ipfire.org Git - thirdparty/openwrt.git/commit
hostapd: fix security advisory 2026-1 24043/head
authorHauke Mehrtens <hauke@hauke-m.de>
Thu, 2 Jul 2026 23:46:56 +0000 (01:46 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 4 Jul 2026 23:20:15 +0000 (01:20 +0200)
commit8614a2ba6885d0bec345a1010a0d59c64abe403c
tree1412075933125b26587176e3b67b6439071a3d15
parent1a289c47a817ab2e202f25854e1893d21b6dd483
hostapd: fix security advisory 2026-1

Cherry pick the patches recommended in the hostapd security advisory
2026-1:
https://w1.fi/security/2026-1/missing-ml-parsing-validation.txt

Vulnerability

Vulnerabilities in parsing and use of received multi-link (MLO/EHT/IEEE
802.11be/Wi-Fi 7) information has been identified in hostapd and
wpa_supplicant. These issues show up in various cases where frames
including information on affiliated links are parsed and processed in
both AP and STA modes. The issues can result in process termination due
to buffer read overflow checks and memory corruption.

The issues for AP mode (hostapd or wpa_supplicant) can result in
denial-of-service attacks due to process termination and small memory
corruption that could theoretically cause other issues, but it does not
seem likely that those could be exploiting in practice. Affected areas
can be reached by sending invalid Management frames without needing
authentication or user action on the target device.

CVE-2026-58374

Link: https://github.com/openwrt/openwrt/pull/24043
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
14 files changed:
package/network/services/hostapd/Makefile
package/network/services/hostapd/patches/001-AP-MLD-Fix-link-ID-validation-in-Basic-MLE-parsing.patch [new file with mode: 0644]
package/network/services/hostapd/patches/002-BSS-Add-bounds-check-for-link_id-in-Basic-MLE-parsin.patch [new file with mode: 0644]
package/network/services/hostapd/patches/003-MLD-Validate-MLE-Link-ID-fields-in-association-rejec.patch [new file with mode: 0644]
package/network/services/hostapd/patches/004-Verify-MLD-link-ID-validity-in-get_basic_mle_link_id.patch [new file with mode: 0644]
package/network/services/hostapd/patches/005-MLD-Verify-link-ID-validity-in-MLE-in-reconfiguratio.patch [new file with mode: 0644]
package/network/services/hostapd/patches/006-AP-MLD-Verify-AP-MLD-link-ID-validity-before-updatin.patch [new file with mode: 0644]
package/network/services/hostapd/patches/007-MLD-Fix-length-check-in-common-info-for-association-.patch [new file with mode: 0644]
package/network/services/hostapd/patches/008-BSS-Fix-validation-of-ML-common-info-length-during-s.patch [new file with mode: 0644]
package/network/services/hostapd/patches/200-multicall.patch
package/network/services/hostapd/patches/600-ubus_support.patch
package/network/services/hostapd/patches/601-ucode_support.patch
package/network/services/hostapd/patches/720-iface_max_num_sta.patch
package/network/services/hostapd/patches/762-AP-don-t-ignore-probe-requests-with-invalid-DSSS-par.patch