In the Linux kernel, a critical vulnerability has been resolved in the WiFi subsystem "mac80211." The issue is a NULL pointer dereference that can be triggered by the band check performed while starting a TX BA (Block Acknowledgement) session.

The vulnerability occurs on an MLD (multi-link) connection, where link_data/link_conf are dynamically allocated and do not point to vif->bss_conf. Consequently, no chanreq is ever assigned to vif->bss_conf, so the chan pointer the band check dereferences is NULL. The fix changes the check to examine ht_supported/vht_supported/has_he/has_eht on the station's deflink instead, which does not touch the channel pointer and so prevents the crash.
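The following is an added example, not kernel code: a simplified model of the band check described above, with the pre-fix logic that dereferences the channel pointer beside the post-fix logic that decides from the station's own deflink capabilities. The struct and field names are reduced stand-ins for the mac80211 types named in the write-up (an assumption), chosen so the crash condition can be reasoned about without a kernel.

```c
/* Added example, not mac80211 code: reduced stand-ins (assumption) for the
 * kernel structures involved in the CVE-2024-43911 band check. */
#include <stdbool.h>
#include <stddef.h>

enum band { BAND_2GHZ, BAND_5GHZ, BAND_6GHZ };

struct channel { enum band band; };

/* Models vif->bss_conf.chanreq.oper.chan. On an MLD connection the per-link
 * config lives in link_conf, bss_conf never receives a chanreq, and this
 * pointer stays NULL. */
struct bss_conf { struct channel *chan; };

/* Models the capability flags on sta->sta.deflink. */
struct sta_deflink {
    bool ht_supported, vht_supported, has_he, has_eht;
};

/* Pre-fix logic: a station without HT is only allowed a BA session on
 * 6 GHz, which requires reading conf->chan->band. With chan == NULL this
 * is the NULL pointer dereference; note it is only reached when the
 * station lacks HT, because && short-circuits on the first operand. */
static bool ba_allowed_vulnerable(const struct sta_deflink *sta,
                                  const struct bss_conf *conf)
{
    if (!sta->ht_supported && conf->chan->band != BAND_6GHZ)
        return false;
    return true;
}

/* Post-fix logic as the write-up describes it: decide purely from the
 * station's deflink capabilities, so no channel pointer is dereferenced
 * and the MLD case with chan == NULL is safe. */
static bool ba_allowed_fixed(const struct sta_deflink *sta)
{
    if (!sta->ht_supported && !sta->vht_supported &&
        !sta->has_he && !sta->has_eht)
        return false;
    return true;
}

/* Reports whether the pre-fix path would have dereferenced NULL for this
 * station/config pair, without actually doing so. */
static bool old_path_would_crash(const struct sta_deflink *sta,
                                 const struct bss_conf *conf)
{
    return !sta->ht_supported && conf->chan == NULL;
}
```

Calling ba_allowed_vulnerable() with a non-HT station and a NULL chan reproduces the fault in user space, which is why the checks below only probe that case through old_path_would_crash().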

The crash log shows the kernel NULL pointer dereference occurring at the following line in the file net/mac80211/agg-tx.c:

ieee80211_start_tx_ba_session (net/mac80211/agg-tx.c:618 (discriminator 1)) mac80211

The log also shows that the issue occurred on a Lenovo laptop running BIOS G7ETB3WW (2.73) 11/28/2018.

Link to the original crash log: Crash Log

Link to the patched kernel commit: Linux Kernel Patch

Exploit Details

---
To trigger this vulnerability, a malicious user or program must be able to reach the mac80211 WiFi subsystem and cause a TX BA session to be started. The issue has been fixed in the latest Linux kernel versions, and all users are advised to update their systems promptly to avoid the risk.

This vulnerability has been assigned CVE-2024-43911. Details about CVE-2024-43911 can be found in security databases such as:

- National Vulnerability Database (NVD)
- Common Vulnerabilities and Exposures (CVE®)

Patching and Security Measures

---

1. Update the Linux kernel to the latest patched version.

2. If the kernel cannot be updated, implement proper access control measures and harden affected systems against malicious attacks.

In conclusion, it is crucial for users to be aware of vulnerabilities in their systems and to take the necessary actions to prevent possible security threats. CVE-2024-43911, a Linux kernel vulnerability involving a NULL dereference in the band check performed when starting a TX BA session in the WiFi subsystem "mac80211," poses a risk to affected systems. The issue has been resolved in the latest kernel patches, and updating your systems is advisable to maintain a secure environment.

Timeline

---

Published on: 08/26/2024 11:15:05 UTC
Last modified on: 08/27/2024 16:08:52 UTC