CVE-2024-27053: Linux Kernel Vulnerability in WiFi WILC100 Connect Path Resolved
Content: The Linux kernel has recently addressed a vulnerability in the wifi WILC100 connect path that was causing suspicious RCU (Read-Copy-Update) usage. The issue was found in the Linux 6.7.-rc1-wt+ kernel under the "drivers/net/wireless/microchip/wilc100/hif.c" file.
The warning emitted due to this vulnerability stated there was "suspicious rcu_dereference_check() usage." This issue was caused by the connect path attempting to parse target BSS parameters when dereferencing a RCU pointer without being in an RCU critical section. This problem has now been resolved by moving the RCU dereference to an RCU read critical section.
Here is a code snippet showing the change made to fix this issue
- RCU_dereference(...)
+ RCU_READ_LOCK();
+ RCU_dereference_check(...);
+ RCU_READ_UNLOCK();
The original reference to the commit that resolves this issue can be found at [Linux Git Repository] (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6fa084ffa419cad749be85a023596055e62dffff).
With this change, there should no longer be a warning regarding suspicious RCU usage in the connect path when lockdep is enabled. The function "wilc_parse_join_bss_param" is no longer wrapped in the critical section, and the critical section is only used to copy the IES data.
Exploit details: Prior to this fix, attackers could potentially exploit this vulnerability by causing a denial of service (DoS) or creating a situation that produces unpredictable results in the Linux kernel. Thankfully, this issue has now been resolved and the Linux kernel's Wi-Fi WILC100 connect path is no longer susceptible to this vulnerability.
In conclusion, the CVE-2024-27053 vulnerability in the Linux kernel, related to the Wi-Fi WILC100 connect path, has been successfully resolved. The fix ensures proper RCU usage in connect paths and should prevent any potential exploits related to this issue. The Linux kernel maintainers continue to work diligently to identify and fix any issues related to the kernel, further enhancing its security and stability.
Timeline
Published on: 05/01/2024 13:15:50 UTC
Last modified on: 07/03/2024 01:50:18 UTC