CVE-2024-26693
wifi: iwlwifi: mvm: fix a crash when we run out of stations
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: fix a crash when we run out of stations
A DoS tool that injects loads of authentication frames made our AP
crash. The iwl_mvm_is_dup() function couldn't find the per-queue
dup_data which was not allocated.
The root cause for that is that we ran out of stations in the firmware
and we didn't really add the station to the firmware, yet we didn't
return an error to mac80211.
Mac80211 was thinking that we have the station and because of that,
sta_info::uploaded was set to 1. This allowed
ieee80211_find_sta_by_ifaddr() to return a valid station object, but
that ieee80211_sta didn't have any iwl_mvm_sta object initialized and
that caused the crash mentioned earlier when we got Rx on that station.
En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: wifi: iwlwifi: mvm: soluciona un fallo cuando nos quedamos sin estaciones Una herramienta DoS que inyecta un montón de marcos de autenticación hacía que nuestro AP fallara. La función iwl_mvm_is_dup() no pudo encontrar los datos dup_data por cola que no estaban asignados. La causa principal de esto es que nos quedamos sin estaciones en el firmware y realmente no agregamos la estación al firmware, pero no devolvimos un error a mac80211. Mac80211 estaba pensando que teníamos la estación y debido a eso, sta_info::uploaded se configuró en 1. Esto permitió que ieee80211_find_sta_by_ifaddr() devolviera un objeto de estación válido, pero que ieee80211_sta no tenía ningún objeto iwl_mvm_sta inicializado y eso causó el bloqueo. Mencioné anteriormente cuando obtuvimos Rx en esa estación.
A vulnerability was found in the Linux kernel's iwlwifi driver, which can result in a crash due to improper handling of station data (STA) when the system runs out of available stations in the firmware. This could lead to a denial of service (Dos) which crashes the Access Point (AP).
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-04-03 CVE Published
- 2024-04-04 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/57974a55d995468a9a476e24693eb741c649b25f | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-26693 | 2024-06-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2273094 | 2024-06-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.6.18" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.7.6" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.8" | en |
Affected
| ||||||