Lucene search

LinuxCVE-2024-27053

HistoryMay 01, 2024 - 1:15 p.m.

CVE-2024-27053

2024-05-0113:15:50

CWE-476

Linux

web.nvd.nist.gov

linux kernel

wilc1000 wifi

vulnerability

rcu usage

connect path

cfg802.11

warning

suspicious

fix

critical section

nvd

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

6.4

Confidence

Low

EPSS

Percentile

13.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: fix RCU usage in connect path

With lockdep enabled, calls to the connect function from cfg802.11 layer
lead to the following warning:

=============================
WARNING: suspicious RCU usage
6.7.0-rc1-wt+ #333 Not tainted

drivers/net/wireless/microchip/wilc1000/hif.c:386
suspicious rcu_dereference_check() usage!
[…]
stack backtrace:
CPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1-wt+ #333
Hardware name: Atmel SAMA5
unwind_backtrace from show_stack+0x18/0x1c
show_stack from dump_stack_lvl+0x34/0x48
dump_stack_lvl from wilc_parse_join_bss_param+0x7dc/0x7f4
wilc_parse_join_bss_param from connect+0x2c4/0x648
connect from cfg80211_connect+0x30c/0xb74
cfg80211_connect from nl80211_connect+0x860/0xa94
nl80211_connect from genl_rcv_msg+0x3fc/0x59c
genl_rcv_msg from netlink_rcv_skb+0xd0/0x1f8
netlink_rcv_skb from genl_rcv+0x2c/0x3c
genl_rcv from netlink_unicast+0x3b0/0x550
netlink_unicast from netlink_sendmsg+0x368/0x688
netlink_sendmsg from ____sys_sendmsg+0x190/0x430
____sys_sendmsg from ___sys_sendmsg+0x110/0x158
___sys_sendmsg from sys_sendmsg+0xe8/0x150
sys_sendmsg from ret_fast_syscall+0x0/0x1c

This warning is emitted because in the connect path, when trying to parse
target BSS parameters, we dereference a RCU pointer whithout being in RCU
critical section.
Fix RCU dereference usage by moving it to a RCU read critical section. To
avoid wrapping the whole wilc_parse_join_bss_param under the critical
section, just use the critical section to copy ies data

Affected configurations

Vulners

Node

linuxlinux_kernelRange5.1–5.4.273

linuxlinux_kernelRange5.5.0–5.10.214

linuxlinux_kernelRange5.11.0–5.15.153

linuxlinux_kernelRange5.16.0–6.1.83

linuxlinux_kernelRange6.2.0–6.6.23

linuxlinux_kernelRange6.7.0–6.7.11

linuxlinux_kernelRange6.8.0–6.8.2

linuxlinux_kernelRange6.9.0≥

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/microchip/wilc1000/hif.c"
    ],
    "versions": [
      {
        "version": "c460495ee072",
        "lessThan": "e556006de4ea",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c460495ee072",
        "lessThan": "b4bbf38c350a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c460495ee072",
        "lessThan": "d80fc436751c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c460495ee072",
        "lessThan": "745003b5917b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c460495ee072",
        "lessThan": "4bfd20d5f5c6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c460495ee072",
        "lessThan": "5800ec78775c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c460495ee072",
        "lessThan": "dd50d3ead6e3",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c460495ee072",
        "lessThan": "205c50306acf",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/microchip/wilc1000/hif.c"
    ],
    "versions": [
      {
        "version": "5.1",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.1",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.273",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.214",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.153",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.83",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.23",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.11",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.2",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]