Bug 2300448 (CVE-2024-41071) - CVE-2024-41071 kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing
Summary: CVE-2024-41071 kernel: wifi: mac80211: Avoid address calculations via out of ...
Keywords:
Status: NEW
Alias: CVE-2024-41071
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2301635
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-07-29 15:45 UTC by OSIDB Bzimport
Modified: 2024-10-21 09:47 UTC (History)
6 users (show)

Fixed In Version: kernel 6.9.11, kernel 6.10
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:7043 0 None None None 2024-09-24 09:43:27 UTC
Red Hat Product Errata RHBA-2024:7198 0 None None None 2024-09-26 09:50:55 UTC
Red Hat Product Errata RHBA-2024:7235 0 None None None 2024-09-26 14:23:20 UTC
Red Hat Product Errata RHBA-2024:7236 0 None None None 2024-09-26 14:37:59 UTC
Red Hat Product Errata RHBA-2024:7637 0 None None None 2024-10-03 14:46:16 UTC
Red Hat Product Errata RHBA-2024:8227 0 None None None 2024-10-17 06:46:14 UTC
Red Hat Product Errata RHSA-2024:6990 0 None None None 2024-09-24 00:24:48 UTC
Red Hat Product Errata RHSA-2024:6991 0 None None None 2024-09-24 00:47:42 UTC
Red Hat Product Errata RHSA-2024:6992 0 None None None 2024-09-24 00:34:43 UTC
Red Hat Product Errata RHSA-2024:6993 0 None None None 2024-09-24 01:15:01 UTC
Red Hat Product Errata RHSA-2024:6994 0 None None None 2024-09-24 01:20:14 UTC
Red Hat Product Errata RHSA-2024:6995 0 None None None 2024-09-24 00:35:12 UTC
Red Hat Product Errata RHSA-2024:6997 0 None None None 2024-09-24 02:50:00 UTC
Red Hat Product Errata RHSA-2024:6998 0 None None None 2024-09-24 01:19:49 UTC
Red Hat Product Errata RHSA-2024:6999 0 None None None 2024-09-24 01:06:21 UTC
Red Hat Product Errata RHSA-2024:7000 0 None None None 2024-09-24 02:35:14 UTC
Red Hat Product Errata RHSA-2024:7001 0 None None None 2024-09-24 00:39:48 UTC
Red Hat Product Errata RHSA-2024:7002 0 None None None 2024-09-24 01:05:44 UTC
Red Hat Product Errata RHSA-2024:7003 0 None None None 2024-09-24 00:47:07 UTC
Red Hat Product Errata RHSA-2024:7004 0 None None None 2024-09-24 01:35:11 UTC
Red Hat Product Errata RHSA-2024:7005 0 None None None 2024-09-24 00:47:18 UTC
Red Hat Product Errata RHSA-2024:7227 0 None None None 2024-09-26 14:04:24 UTC
Red Hat Product Errata RHSA-2024:7427 0 None None None 2024-10-01 00:32:23 UTC
Red Hat Product Errata RHSA-2024:7428 0 None None None 2024-10-01 00:30:54 UTC
Red Hat Product Errata RHSA-2024:7429 0 None None None 2024-10-01 00:44:41 UTC
Red Hat Product Errata RHSA-2024:7430 0 None None None 2024-10-01 00:37:41 UTC
Red Hat Product Errata RHSA-2024:7431 0 None None None 2024-10-01 02:27:54 UTC
Red Hat Product Errata RHSA-2024:7432 0 None None None 2024-10-01 02:27:01 UTC
Red Hat Product Errata RHSA-2024:7433 0 None None None 2024-10-01 00:39:22 UTC

Description OSIDB Bzimport 2024-07-29 15:45:15 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: Avoid address calculations via out of bounds array indexing

req->n_channels must be set before req->channels[] can be used.

This patch fixes one of the issues encountered in [1].

[   83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4
[   83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]'
[...]
[   83.964264] Call Trace:
[   83.964267]  <TASK>
[   83.964269]  dump_stack_lvl+0x3f/0xc0
[   83.964274]  __ubsan_handle_out_of_bounds+0xec/0x110
[   83.964278]  ieee80211_prep_hw_scan+0x2db/0x4b0
[   83.964281]  __ieee80211_start_scan+0x601/0x990
[   83.964291]  nl80211_trigger_scan+0x874/0x980
[   83.964295]  genl_family_rcv_msg_doit+0xe8/0x160
[   83.964298]  genl_rcv_msg+0x240/0x270
[...]

[1] https://bugzilla.kernel.org/show_bug.cgi?id=218810
Comment 1 Mauro Matteo Cascella 2024-07-30 13:35:18 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024072909-CVE-2024-41071-4eb6@gregkh/T
Comment 2 Mauro Matteo Cascella 2024-07-30 13:35:41 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2301635]
Comment 21 errata-xmlrpc 2024-09-24 00:24:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:6990 https://access.redhat.com/errata/RHSA-2024:6990
Comment 22 errata-xmlrpc 2024-09-24 00:34:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:6992 https://access.redhat.com/errata/RHSA-2024:6992
Comment 23 errata-xmlrpc 2024-09-24 00:35:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:6995 https://access.redhat.com/errata/RHSA-2024:6995
Comment 24 errata-xmlrpc 2024-09-24 00:39:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7001 https://access.redhat.com/errata/RHSA-2024:7001
Comment 25 errata-xmlrpc 2024-09-24 00:47:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:7003 https://access.redhat.com/errata/RHSA-2024:7003
Comment 26 errata-xmlrpc 2024-09-24 00:47:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7005 https://access.redhat.com/errata/RHSA-2024:7005
Comment 27 errata-xmlrpc 2024-09-24 00:47:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:6991 https://access.redhat.com/errata/RHSA-2024:6991
Comment 28 errata-xmlrpc 2024-09-24 01:05:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:7002 https://access.redhat.com/errata/RHSA-2024:7002
Comment 29 errata-xmlrpc 2024-09-24 01:06:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support

Via RHSA-2024:6999 https://access.redhat.com/errata/RHSA-2024:6999
Comment 30 errata-xmlrpc 2024-09-24 01:15:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:6993 https://access.redhat.com/errata/RHSA-2024:6993
Comment 31 errata-xmlrpc 2024-09-24 01:19:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:6998 https://access.redhat.com/errata/RHSA-2024:6998
Comment 32 errata-xmlrpc 2024-09-24 01:20:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2024:6994 https://access.redhat.com/errata/RHSA-2024:6994
Comment 33 errata-xmlrpc 2024-09-24 01:35:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7004 https://access.redhat.com/errata/RHSA-2024:7004
Comment 34 errata-xmlrpc 2024-09-24 02:35:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7000 https://access.redhat.com/errata/RHSA-2024:7000
Comment 35 errata-xmlrpc 2024-09-24 02:49:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6997 https://access.redhat.com/errata/RHSA-2024:6997
Comment 36 errata-xmlrpc 2024-09-26 14:04:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION

Via RHSA-2024:7227 https://access.redhat.com/errata/RHSA-2024:7227
Comment 37 errata-xmlrpc 2024-10-01 00:30:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:7428 https://access.redhat.com/errata/RHSA-2024:7428
Comment 38 errata-xmlrpc 2024-10-01 00:32:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:7427 https://access.redhat.com/errata/RHSA-2024:7427
Comment 39 errata-xmlrpc 2024-10-01 00:37:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:7430 https://access.redhat.com/errata/RHSA-2024:7430
Comment 40 errata-xmlrpc 2024-10-01 00:39:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Via RHSA-2024:7433 https://access.redhat.com/errata/RHSA-2024:7433
Comment 41 errata-xmlrpc 2024-10-01 00:44:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:7429 https://access.redhat.com/errata/RHSA-2024:7429
Comment 42 errata-xmlrpc 2024-10-01 02:27:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:7432 https://access.redhat.com/errata/RHSA-2024:7432
Comment 43 errata-xmlrpc 2024-10-01 02:27:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7431 https://access.redhat.com/errata/RHSA-2024:7431
Note You need to log in before you can comment on or make changes to this bug.