iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Johannes Berg 9b21fcae6f mac80211: drop A-MSDUs on old ciphers 
commit 270032a2a9c4535799736142e1e7c413ca7b836e upstream.

With old ciphers (WEP and TKIP) we shouldn't be using A-MSDUs
since A-MSDUs are only supported if we know that they are, and
the only practical way for that is HT support which doesn't
support old ciphers.

However, we would normally accept them anyway. Since we check
the MMIC before deaggregating A-MSDUs, and the A-MSDU bit in
the QoS header is not protected in TKIP (or WEP), this enables
attacks similar to CVE-2020-24588. To prevent that, drop A-MSDUs
completely with old ciphers.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210511200110.076543300172.I548e6e71f1ee9cad4b9a37bf212ae7db723587aa@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-03 09:00:29 +02:00
..
6lowpan
9p
net: 9p: advance iov on empty read
2021-04-07 15:00:08 +02:00
802
8021q
net: vlan: avoid leaks on register_vlan_dev() failures
2021-01-17 14:16:55 +01:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-04-07 15:00:08 +02:00
atm
net: atm: fix update of position index in lec_seq_next
2020-10-31 12:26:30 -07:00
ax25
batman-adv
batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
2021-04-14 08:41:59 +02:00
bluetooth
Bluetooth: SMP: Fail if remote and local public keys are identical
2021-05-26 12:06:57 +02:00
bpf
bpf: Reject too big ctx_size_in for raw_tp test run
2021-01-27 11:55:07 +01:00
bpfilter
Revert "bpfilter: Fix build error with CONFIG_BPFILTER_UMH"
2020-10-15 12:33:24 -07:00
bridge
bridge: Fix possible races between assigning rx_handler_data and setting IFF_BRIDGE_PORT bit
2021-05-22 11:40:54 +02:00
caif
caif: Remove duplicate macro SRVL_CTRL_PKT_SIZE
2020-09-05 15:57:05 -07:00
can
can: isotp: fix msg_namelen values depending on CAN_REQUIRED_SIZE
2021-04-14 08:42:07 +02:00
ceph
libceph: clear con->out_msg on Policy::stateful_server faults
2020-10-12 15:29:27 +02:00
core
mm: fix struct page layout on 32-bit systems
2021-05-19 10:13:17 +02:00
dcb
net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands
2021-01-23 16:04:01 +01:00
dccp
ipv6: weaken the v4mapped source check
2021-03-30 14:32:01 +02:00
decnet
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
dns_resolver
dsa
net: dsa: Fix type was not set for devlink port
2021-04-14 08:42:07 +02:00
ethernet
ethtool
ethtool: fix missing NLM_F_MULTI flag when dumping
2021-05-19 10:13:08 +02:00
hsr
net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info
2021-05-22 11:40:54 +02:00
ieee802154
net: ieee802154: forbid monitor for add llsec seclevel
2021-04-21 13:00:53 +02:00
ife
ipv4
net: Only allow init netns to set default tcp cong to a restricted algo
2021-05-14 09:50:46 +02:00
ipv6
ipv6: remove extra dev_hold() for fallback tunnels
2021-05-22 11:40:55 +02:00
iucv
net/af_iucv: remove WARN_ONCE on malformed RX packets
2021-03-07 12:34:05 +01:00
kcm
key
af_key: relax availability checks for skb size calculation
2021-02-13 13:55:02 +01:00
l2tp
net: l2tp: reduce log level of messages in receive path, add counter instead
2021-03-17 17:06:11 +01:00
l3mdev
net: Fix some comments
2020-08-27 07:55:59 -07:00
lapb
net: lapb: Copy the skb before sending a packet
2021-02-10 09:29:14 +01:00
llc
mac80211
mac80211: drop A-MSDUs on old ciphers
2021-06-03 09:00:29 +02:00
mac802154
net: mac802154: Fix general protection fault
2021-04-14 08:42:13 +02:00
mpls
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
2021-03-17 17:06:11 +01:00
mptcp
mptcp: fix splat when closing unaccepted socket
2021-05-19 10:13:10 +02:00
ncsi
net/ncsi: Avoid channel_monitor hrtimer deadlock
2021-04-14 08:42:08 +02:00
netfilter
netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version
2021-06-03 09:00:28 +02:00
netlabel
cipso,calipso: resolve a number of problems with the DOI refcounts
2021-03-17 17:06:15 +01:00
netlink
netlink: export policy in extended ACK
2020-10-09 20:22:32 -07:00
netrom
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
nfc
NFC: nci: fix memory leak in nci_allocate_device
2021-05-28 13:17:43 +02:00
nsh
openvswitch
openvswitch: fix stack OOB read while fragmenting IPv4 packets
2021-05-11 14:47:34 +02:00
packet
net/packet: remove data races in fanout operations
2021-05-14 09:50:38 +02:00
phonet
treewide: Use fallthrough pseudo-keyword
2020-08-23 17:36:59 -05:00
psample
net: psample: Fix netlink skb length with tunnel info
2021-03-07 12:34:07 +01:00
qrtr
net: qrtr: Avoid potential use after free in MHI send
2021-05-07 11:04:31 +02:00
rds
net/rds: Fix a use after free in rds_message_map_pages
2021-04-14 08:42:09 +02:00
rfkill
rfkill: Fix use-after-free in rfkill_resume()
2020-11-12 09:18:06 +01:00
rose
rose: Fix Null pointer dereference in rose_send_frame()
2020-11-20 10:04:58 -08:00
rxrpc
rxrpc: Fix clearance of Tx/Rx ring when releasing a call
2021-02-17 11:02:28 +01:00
sched
net/sched: fq_pie: fix OOB access in the traffic path
2021-06-03 09:00:28 +02:00
sctp
sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
2021-05-19 10:13:06 +02:00
smc
smc: disallow TCP_ULP in smc_setsockopt()
2021-05-19 10:13:08 +02:00
strparser
sunrpc
sunrpc: Fix misplaced barrier in call_decode
2021-05-19 10:13:06 +02:00
switchdev
net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP
2021-02-07 15:37:12 +01:00
tipc
tipc: convert dest node's address to network order
2021-05-19 10:12:52 +02:00
tls
net: fix proc_fs init handling in af_packet and tls
2021-02-23 15:53:23 +01:00
unix
networking changes for the 5.10 merge window
2020-10-15 18:42:13 -07:00
vmw_vsock
vsock/virtio: free queued packets when closing socket
2021-05-14 09:50:41 +02:00
wimax
genetlink: move to smaller ops wherever possible
2020-10-02 19:11:11 -07:00
wireless
cfg80211: mitigate A-MSDU aggregation attacks
2021-06-03 09:00:29 +02:00
x25
net/x25: prevent a couple of overflows
2020-12-02 17:26:36 -08:00
xdp
xsk: Fix for xp_aligned_validate_desc() when len == chunk_size
2021-05-19 10:13:06 +02:00
xfrm
xfrm: BEET mode doesn't support fragments for inner packets
2021-04-21 13:00:51 +02:00
compat.c
iov_iter: transparently handle compat iovecs in import_iovec
2020-10-03 00:02:13 -04:00
devres.c
Kconfig
drop_monitor: Convert to using devlink tracepoint
2020-09-30 18:01:26 -07:00
Makefile
socket.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-10-05 18:40:01 -07:00
sysctl_net.c