CVE-2022-48784

cfg80211: fix race in netlink owner interface destruction

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

cfg80211: fix race in netlink owner interface destruction

My previous fix here to fix the deadlock left a race where
the exact same deadlock (see the original commit referenced
below) can still happen if cfg80211_destroy_ifaces() already
runs while nl80211_netlink_notify() is still marking some
interfaces as nl_owner_dead.

The race happens because we have two loops here - first we
dev_close() all the netdevs, and then we destroy them. If we
also have two netdevs (first one need only be a wdev though)
then we can find one during the first iteration, close it,
and go to the second iteration -- but then find two, and try
to destroy also the one we didn't close yet.

Fix this by only iterating once.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-20 CVE Reserved
2024-07-16 CVE Published
2024-07-17 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/ea6b2098dd02789f68770fd3d5a373732207be2f	Vuln. Introduced
https://git.kernel.org/stable/c/2e4f97122f3a9df870dfe9671994136448890768	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/241e633cb379c4f332fc1baf2abec95ec840cbeb	2022-02-23
https://git.kernel.org/stable/c/c979f792a2baf6d0f3419587668a1a6eba46a3d2	2022-02-23
https://git.kernel.org/stable/c/f0a6fd1527067da537e9c48390237488719948ed	2022-02-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.15.25 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.25"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.16.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.16.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.12.1 Search vendor "Linux" for product "Linux Kernel" and version "5.12.1"		en		Affected