Red Hat Bugzilla – Bug 1083512
CVE-2014-2706 Kernel: net: mac80211: crash dues to AP powersave TX vs. wakeup race
Last modified: 2015-07-31 03:18:02 EDT
A Linux kernel built with a Generic IEEE 802.11 Networking Stack (CONFIG_MAC80211) is vulnerable to a crash caused by a race condition in frame transmission path and station wakeup event, in case when it's sleeping. The crash occurs because, mac80211 stack buffers frames when the station is sleeping, and the same are transmitted upon the station's(STA) wakeup. At this point, a buffered TX frame list is being emptied, while a new frame is being added to the RX list. A remote unprivileged user/program could use this flaw to crash the system kernel, resulting in DoS. Upstream fix: ------------- -> https://git.kernel.org/linus/1d147bfa64293b2723c4fec50922168658e613ba Reference: ---------- -> http://seclists.org/oss-sec/2014/q2/7
Statement: This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1083538]
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2014:0557 https://rhn.redhat.com/errata/RHSA-2014-0557.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0981 https://rhn.redhat.com/errata/RHSA-2014-0981.html
IssueDescription: A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system.
This issue has been addressed in following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1023 https://rhn.redhat.com/errata/RHSA-2014-1023.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only Via RHSA-2014:1101 https://rhn.redhat.com/errata/RHSA-2014-1101.html