iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Johannes Berg 93a3a32554 wifi: mac80211: fix crash in beacon protection for P2P-device 
commit b2d03cabe2b2e150ff5a381731ea0355459be09f upstream.

If beacon protection is active but the beacon cannot be
decrypted or is otherwise malformed, we call the cfg80211
API to report this to userspace, but that uses a netdev
pointer, which isn't present for P2P-Device. Fix this to
call it only conditionally to ensure cfg80211 won't crash
in the case of P2P-Device.

This fixes CVE-2022-42722.

Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
Fixes: 9eaf183af741 ("mac80211: Report beacon protection failures to user space")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-10-15 07:59:03 +02:00
..
6lowpan
6lowpan: iphc: Fix an off-by-one check of array index
2021-07-22 16:19:03 +02:00
9p
net/9p: Initialize the iounit field during fid creation
2022-08-17 14:24:23 +02:00
802
net: 802: remove dead leftover after ipx driver removal
2021-08-13 16:30:35 -07:00
8021q
net: use eth_hw_addr_set() instead of ether_addr_copy()
2022-08-31 17:16:37 +02:00
appletalk
net: socket: rework compat_ifreq_ioctl()
2021-07-23 14:20:25 +01:00
atm
atm: Use list_for_each_entry() to simplify code in resources.c
2021-06-10 14:08:09 -07:00
ax25
net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
2022-06-22 14:22:01 +02:00
batman-adv
batman-adv: Use netif_rx_any_context() any.
2022-07-29 17:25:07 +02:00
bluetooth
Bluetooth: L2CAP: Fix build errors in some archs
2022-09-05 10:30:06 +02:00
bpf
bpf: Don't redirect packets with invalid pkt_len
2022-09-05 10:30:07 +02:00
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-06-25 13:13:50 +02:00
bridge
netfilter: ebtables: fix memory leak when blob is malformed
2022-09-28 11:11:52 +02:00
caif
net-caif: avoid user-triggerable WARN_ON(1)
2021-09-14 12:51:15 +01:00
can
can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once()
2022-08-25 11:40:46 +02:00
ceph
libceph: fix potential use-after-free on linger ping and resends
2022-05-25 09:57:28 +02:00
core
net: core: fix flow symmetric hash
2022-09-28 11:11:47 +02:00
dcb
net: dcb: disable softirqs in dcbnl_flush_dev()
2022-03-08 19:12:52 +01:00
dccp
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
2022-08-17 14:23:37 +02:00
decnet
net: Fix data-races around sysctl_[rw]mem(_offset)?.
2022-08-03 12:03:51 +02:00
dns_resolver
dsa
net: dsa: hellcreek: Print warning only once
2022-09-20 12:39:45 +02:00
ethernet
move netdev_boot_setup into Space.c
2021-08-03 13:05:26 +01:00
ethtool
ethtool: Fix get module eeprom fallback
2022-06-29 09:03:23 +02:00
hsr
net: use eth_hw_addr_set() instead of ether_addr_copy()
2022-08-31 17:16:37 +02:00
ieee802154
net/ieee802154: fix uninit value bug in dgram_sendmsg
2022-10-12 09:53:27 +02:00
ife
ipv4
net: Find dst with sk's xfrm policy not ctl_sk
2022-09-23 14:15:51 +02:00
ipv6
net: Find dst with sk's xfrm policy not ctl_sk
2022-09-23 14:15:51 +02:00
iucv
net/iucv: Replace deprecated CPU-hotplug functions.
2021-08-09 10:13:32 +01:00
kcm
kcm: fix strp_init() order and cleanup
2022-09-08 12:28:03 +02:00
key
af_key: Do not call xfrm_probe_algs in parallel
2022-08-31 17:16:36 +02:00
l2tp
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
2022-06-22 14:21:58 +02:00
l3mdev
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
2022-04-27 14:38:53 +02:00
lapb
net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c
2021-06-08 16:31:25 -07:00
llc
llc: only change llc->dev when bind() succeeds
2022-03-28 09:58:46 +02:00
mac80211
wifi: mac80211: fix crash in beacon protection for P2P-device
2022-10-15 07:59:03 +02:00
mac802154
net: mac802154: Fix a condition in the receive path
2022-09-08 12:28:07 +02:00
mctp
mctp: Fix check for dev_hard_header() result
2022-04-13 20:59:16 +02:00
mpls
net: Use u64_stats_fetch_begin_irq() for stats fetch.
2022-09-08 12:28:07 +02:00
mptcp
mptcp: Fix crash due to tcp_tsorted_anchor was initialized before release skb
2022-08-31 17:16:50 +02:00
ncsi
net/ncsi: check for error return from call to nla_put_u32
2022-01-05 12:42:37 +01:00
netfilter
netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain()
2022-09-28 11:11:51 +02:00
netlabel
netlabel: fix out-of-bounds memory accesses
2022-04-13 20:59:10 +02:00
netlink
net: genl: fix error path memory leak in policy dumping
2022-08-25 11:40:25 +02:00
netrom
netrom: fix api breakage in nr_setsockopt()
2022-01-27 11:04:00 +01:00
nfc
NFC: NULL out the dev->rfkill to prevent UAF
2022-06-09 10:22:46 +02:00
nsh
openvswitch
openvswitch: fix memory leak at failed datapath creation
2022-09-08 12:28:02 +02:00
packet
net/af_packet: check len when min_header_len equals to 0
2022-09-05 10:30:12 +02:00
phonet
phonet: refcount leak in pep_sock_accep
2022-01-11 15:35:16 +01:00
psample
qrtr
net: qrtr: start MHI channel after endpoit creation
2022-08-25 11:40:29 +02:00
rds
rds: add missing barrier to release_refill
2022-08-25 11:39:54 +02:00
rfkill
rfkill: make new event layout opt-in
2022-04-08 14:23:00 +02:00
rose
rose: check NULL rose_loopback_neigh->loopback
2022-08-31 17:16:38 +02:00
rxrpc
rxrpc: Fix calc of resend age
2022-09-23 14:15:50 +02:00
sched
net: sched: act_ct: fix possible refcount leak in tcf_ct_init()
2022-10-05 10:39:42 +02:00
sctp
sctp: leave the err path free in sctp_stream_init to sctp_stream_free
2022-08-03 12:03:54 +02:00
smc
net/smc: Stop the CLC flow if no link to map buffers on
2022-09-28 11:11:53 +02:00
strparser
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
2021-11-18 19:17:11 +01:00
sunrpc
SUNRPC: RPC level errors should set task->tk_rpc_status
2022-08-31 17:16:37 +02:00
switchdev
net: make switchdev_bridge_port_{,unoffload} loosely coupled with the bridge
2021-08-04 12:35:07 +01:00
tipc
tipc: fix shift wrapping bug in map_get()
2022-09-15 11:30:05 +02:00
tls
net/tls: Remove the context from the list in tls_device_down
2022-08-03 12:03:47 +02:00
unix
af_unix: Fix a data-race in unix_dgram_peer_wake_me().
2022-06-14 18:36:17 +02:00
vmw_vsock
vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
2022-08-25 11:40:11 +02:00
wireless
wifi: cfg80211: avoid nontransmitted BSS list corruption
2022-10-15 07:59:03 +02:00
x25
net/x25: Fix null-ptr-deref caused by x25_disconnect
2022-04-08 14:23:53 +02:00
xdp
xsk: Inherit need_wakeup flag for shared sockets
2022-10-12 09:53:26 +02:00
xfrm
net: Fix data-races around netdev_max_backlog.
2022-08-31 17:16:42 +02:00
compat.c
net: Return the correct errno code
2021-06-03 15:13:56 -07:00
devres.c
net: devres: Correct a grammatical error
2021-06-11 12:55:28 -07:00
Kconfig
mctp: Add MCTP base
2021-07-29 15:06:49 +01:00
Makefile
mctp: Add MCTP base
2021-07-29 15:06:49 +01:00
socket.c
net: Fix a data-race around sysctl_somaxconn.
2022-08-31 17:16:45 +02:00
sysctl_net.c