Bug 1771909 (CVE-2019-17133) - CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
Summary: CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/w...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-17133
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1771910 1778625 1778626 1778627 1778628 1778629 1778630 1778631 1778632 1778633 1778634 1778635 1778636 1778637 1778648 1778649 1778650 1778651 1778652 1778653 1778654 1778655 1778991 1778992 1778993 1778994 1778995 1778996 1778997 1778998 1778999
Blocks: 1771911
TreeView+ depends on / blocked
 
Reported: 2019-11-13 08:43 UTC by Dhananjay Arunesh
Modified: 2020-04-21 11:51 UTC (History)
56 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code.
Clone Of:
Environment:
Last Closed: 2020-01-21 20:09:57 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:0454 None None None 2020-02-10 01:39:26 UTC
Red Hat Product Errata RHBA-2020:0516 None None None 2020-02-17 09:36:26 UTC
Red Hat Product Errata RHBA-2020:0517 None None None 2020-02-17 09:30:32 UTC
Red Hat Product Errata RHBA-2020:0518 None None None 2020-02-17 09:30:51 UTC
Red Hat Product Errata RHSA-2020:0174 None None None 2020-01-21 15:50:12 UTC
Red Hat Product Errata RHSA-2020:0374 None None None 2020-02-04 19:30:35 UTC
Red Hat Product Errata RHSA-2020:0375 None None None 2020-02-04 19:30:53 UTC
Red Hat Product Errata RHSA-2020:0543 None None None 2020-02-18 14:43:51 UTC
Red Hat Product Errata RHSA-2020:0592 None None None 2020-02-25 12:10:58 UTC
Red Hat Product Errata RHSA-2020:0609 None None None 2020-02-26 09:16:11 UTC
Red Hat Product Errata RHSA-2020:0653 None None None 2020-03-03 08:36:51 UTC
Red Hat Product Errata RHSA-2020:0661 None None None 2020-03-03 10:04:38 UTC
Red Hat Product Errata RHSA-2020:0664 None None None 2020-03-03 15:17:49 UTC
Red Hat Product Errata RHSA-2020:0790 None None None 2020-03-11 16:45:55 UTC

Description Dhananjay Arunesh 2019-11-13 08:43:15 UTC
A vulnerability was found in the Linux kernels generic wifi management system in the function cfg80211_mgd_wext_giwessid.   Many of the wifi drivers use this software and if an attacker could trick or coerce a system to joining a wifi network with an essid longer than the standard could create a situation which could the essid data could corrupt kernel stack memory and possibly escalate privileges. 


Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4ac2813cc867ae563a1ba5a9414bfb554e5796fa

Comment 1 Dhananjay Arunesh 2019-11-13 08:44:02 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1771910]

Comment 2 Justin M. Forbes 2019-11-13 13:15:19 UTC
This was fixed for Fedora with the 5.3.8 stable kernel updates

Comment 5 Wade Mealing 2019-12-02 08:48:38 UTC
From my initial understanding it appears as though this flaw requires getting the system to join a wireless network that has longer than the maximum expected length (32 characters according to the standard http://standards.ieee.org/getieee802/download/802.11-2007.pdf Section 7.3.2.1).

The attacker could possibly corrupt elements on the stack or the stack value itself.

Comment 12 errata-xmlrpc 2020-01-21 15:50:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0174 https://access.redhat.com/errata/RHSA-2020:0174

Comment 13 Product Security DevOps Team 2020-01-21 20:09:57 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-17133

Comment 15 errata-xmlrpc 2020-02-04 19:30:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0374 https://access.redhat.com/errata/RHSA-2020:0374

Comment 16 errata-xmlrpc 2020-02-04 19:30:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0375 https://access.redhat.com/errata/RHSA-2020:0375

Comment 18 errata-xmlrpc 2020-02-18 14:43:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2020:0543 https://access.redhat.com/errata/RHSA-2020:0543

Comment 19 errata-xmlrpc 2020-02-25 12:10:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2020:0592 https://access.redhat.com/errata/RHSA-2020:0592

Comment 20 errata-xmlrpc 2020-02-26 09:16:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2020:0609 https://access.redhat.com/errata/RHSA-2020:0609

Comment 21 errata-xmlrpc 2020-03-03 08:36:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.3 Telco Extended Update Support

Via RHSA-2020:0653 https://access.redhat.com/errata/RHSA-2020:0653

Comment 22 errata-xmlrpc 2020-03-03 10:04:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2020:0661 https://access.redhat.com/errata/RHSA-2020:0661

Comment 23 errata-xmlrpc 2020-03-03 15:17:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:0664 https://access.redhat.com/errata/RHSA-2020:0664

Comment 24 errata-xmlrpc 2020-03-11 16:45:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0790 https://access.redhat.com/errata/RHSA-2020:0790


Note You need to log in before you can comment on or make changes to this bug.