CVE-2024-27053

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27053
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage 6.7.0-rc1-wt+ #333 Not tainted ----------------------------- drivers/net/wireless/microchip/wilc1000/hif.c:386 suspicious rcu_dereference_check() usage! [...] stack backtrace: CPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1-wt+ #333 Hardware name: Atmel SAMA5 unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x34/0x48 dump_stack_lvl from wilc_parse_join_bss_param+0x7dc/0x7f4 wilc_parse_join_bss_param from connect+0x2c4/0x648 connect from cfg80211_connect+0x30c/0xb74 cfg80211_connect from nl80211_connect+0x860/0xa94 nl80211_connect from genl_rcv_msg+0x3fc/0x59c genl_rcv_msg from netlink_rcv_skb+0xd0/0x1f8 netlink_rcv_skb from genl_rcv+0x2c/0x3c genl_rcv from netlink_unicast+0x3b0/0x550 netlink_unicast from netlink_sendmsg+0x368/0x688 netlink_sendmsg from ____sys_sendmsg+0x190/0x430 ____sys_sendmsg from ___sys_sendmsg+0x110/0x158 ___sys_sendmsg from sys_sendmsg+0xe8/0x150 sys_sendmsg from ret_fast_syscall+0x0/0x1c This warning is emitted because in the connect path, when trying to parse target BSS parameters, we dereference a RCU pointer whithout being in RCU critical section. Fix RCU dereference usage by moving it to a RCU read critical section. To avoid wrapping the whole wilc_parse_join_bss_param under the critical section, just use the critical section to copy ies data

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/205c50306acf58a335eb19fa84e40140f4fe814f
https://git.kernel.org/stable/c/4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce
https://git.kernel.org/stable/c/5800ec78775c0cd646f71eb9bf8402fb794807de
https://git.kernel.org/stable/c/745003b5917b610352f52fe0d11ef658d6471ec2
https://git.kernel.org/stable/c/b4bbf38c350acb6500cbe667b1e2e68f896e4b38
https://git.kernel.org/stable/c/d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2
https://git.kernel.org/stable/c/dd50d3ead6e3707bb0a5df7cc832730c93ace3a7
https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2
https://git.kernel.org/stable/c/205c50306acf58a335eb19fa84e40140f4fe814f
https://git.kernel.org/stable/c/4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce
https://git.kernel.org/stable/c/5800ec78775c0cd646f71eb9bf8402fb794807de
https://git.kernel.org/stable/c/745003b5917b610352f52fe0d11ef658d6471ec2
https://git.kernel.org/stable/c/b4bbf38c350acb6500cbe667b1e2e68f896e4b38
https://git.kernel.org/stable/c/d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2
https://git.kernel.org/stable/c/dd50d3ead6e3707bb0a5df7cc832730c93ace3a7
https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Configurations

No configuration.

History

21 Nov 2024, 09:03

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -
References () https://git.kernel.org/stable/c/205c50306acf58a335eb19fa84e40140f4fe814f - () https://git.kernel.org/stable/c/205c50306acf58a335eb19fa84e40140f4fe814f -
References () https://git.kernel.org/stable/c/4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce - () https://git.kernel.org/stable/c/4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce -
References () https://git.kernel.org/stable/c/5800ec78775c0cd646f71eb9bf8402fb794807de - () https://git.kernel.org/stable/c/5800ec78775c0cd646f71eb9bf8402fb794807de -
References () https://git.kernel.org/stable/c/745003b5917b610352f52fe0d11ef658d6471ec2 - () https://git.kernel.org/stable/c/745003b5917b610352f52fe0d11ef658d6471ec2 -
References () https://git.kernel.org/stable/c/b4bbf38c350acb6500cbe667b1e2e68f896e4b38 - () https://git.kernel.org/stable/c/b4bbf38c350acb6500cbe667b1e2e68f896e4b38 -
References () https://git.kernel.org/stable/c/d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2 - () https://git.kernel.org/stable/c/d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2 -
References () https://git.kernel.org/stable/c/dd50d3ead6e3707bb0a5df7cc832730c93ace3a7 - () https://git.kernel.org/stable/c/dd50d3ead6e3707bb0a5df7cc832730c93ace3a7 -
References () https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2 - () https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2 -

05 Nov 2024, 10:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

03 Jul 2024, 01:50

Type Values Removed Values Added
CWE CWE-476
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.1

25 Jun 2024, 22:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html -
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: wilc1000: corrige el uso de RCU en la ruta de conexión Con lockdep habilitado, las llamadas a la función de conexión desde la capa cfg802.11 generan la siguiente advertencia: ======== ====================== ADVERTENCIA: uso sospechoso de RCU 6.7.0-rc1-wt+ #333 No contaminado ------------- ---------------- drivers/net/wireless/microchip/wilc1000/hif.c:386 ¡uso sospechoso de rcu_dereference_check()! [...] pila backtrace: CPU: 0 PID: 100 Comm: wpa_supplicant No está contaminado 6.7.0-rc1-wt+ #333 Nombre de hardware: Atmel SAMA5 unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x34/0x48 dump_stack_lvl from wilc_parse_join_bss_para m +0x7dc/0x7f4 wilc_parse_join_bss_param desde connect+0x2c4/0x648 conectar desde cfg80211_connect+0x30c/0xb74 cfg80211_connect desde nl80211_connect+0x860/0xa94 nl80211_connect desde genl_rcv_msg+0x3fc /0x59c genl_rcv_msg de netlink_rcv_skb+0xd0/0x1f8 netlink_rcv_skb de genl_rcv+0x2c/0x3c genl_rcv de netlink_unicast+ 0x3b0/0x550 netlink_unicast de netlink_sendmsg+0x368/0x688 netlink_sendmsg de ____sys_sendmsg+0x190/0x430 ____sys_sendmsg de ___sys_sendmsg+0x110/0x158 ___sys_sendmsg de sys_sendmsg +0xe8/0x150 sys_sendmsg de ret_fast_syscall+0x0/0x1c Esta advertencia se emite porque en la ruta de conexión, al intentar Para analizar los parámetros BSS de destino, eliminamos la referencia a un puntero de RCU sin estar en la sección crítica de RCU. Corrija el uso de desreferenciación de RCU moviéndolo a una sección crítica de lectura de RCU. Para evitar incluir todo el wilc_parse_join_bss_param en la sección crítica, simplemente use la sección crítica para copiar datos de ies

01 May 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-01 13:15

Updated : 2024-11-21 09:03

NVD link : CVE-2024-27053

Mitre link : CVE-2024-27053

CVE.ORG link : CVE-2024-27053

JSON object : View

Products Affected

No product.

CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024