CVE-2022-49533

ath11k: Change max no of active probe SSID and BSSID to fw capability

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (1)

MITRE

CWE (0)

CAPEC (-)

Risk

CVSS Score

SSVC

KEV

EPSS

Affected Products (-)

Vendors (1)

linux

Products (1)

linux_kernel

Versions (3)

< 5.17.14, < 5.18.3, < 5.19

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (3)

General (-)

Exploits & POcs (-)

Patches (3)

kernel

Advisories (-)

Summary

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: ath11k: Change max no of active probe SSID and BSSID to fw capability The maximum number of SSIDs in a for active probe requests is currently
reported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver.
The scan_req_params structure only has the capacity to hold 10 SSIDs.
This leads to a buffer overflow which can be triggered from
wpa_supplicant in userspace. When copying the SSIDs into the
scan_req_params structure in the ath11k_mac_op_hw_scan route, it can
overwrite the extraie pointer. Firmware supports 16 ssid * 4 bssid, for each ssid 4 bssid combo probe
request will be sent, so totally 64 probe requests supported. So
set both max ssid and bssid to 16 and 4 respectively. Remove the
redundant macros of ssid and bssid. Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01300-QCAHKSWPL_SILICONZ-1

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/210505788f1d243232e21ef660efcd4838890ce8	2022-06-09
https://git.kernel.org/stable/c/ec5dfa1d66f2f71a48dab027d26a9fa78eb0f58f	2022-06-09
https://git.kernel.org/stable/c/50dc9ce9f80554a88e33b73c30851acf2be36ed3	2022-04-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.17.14 Search vendor "Linux" for product "Linux Kernel" and version " < 5.17.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.18.3 Search vendor "Linux" for product "Linux Kernel" and version " < 5.18.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.19 Search vendor "Linux" for product "Linux Kernel" and version " < 5.19"		en		Affected

CVE-2022-49533

ath11k: Change max no of active probe SSID and BSSID to fw capability

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (3)

Affected Vendors, Products, and Versions