Bug 2338204 (CVE-2024-57898) - CVE-2024-57898 kernel: wifi: cfg80211: clear link ID from bitmap during link delete after clean up
Summary: CVE-2024-57898 kernel: wifi: cfg80211: clear link ID from bitmap during link ...
Keywords:
Status: NEW
Alias: CVE-2024-57898
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-01-15 14:03 UTC by OSIDB Bzimport
Modified: 2025-04-06 19:24 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-01-15 14:03:07 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: clear link ID from bitmap during link delete after clean up

Currently, during link deletion, the link ID is first removed from the
valid_links bitmap before performing any clean-up operations. However, some
functions require the link ID to remain in the valid_links bitmap. One
such example is cfg80211_cac_event(). The flow is -

nl80211_remove_link()
    cfg80211_remove_link()
        ieee80211_del_intf_link()
            ieee80211_vif_set_links()
                ieee80211_vif_update_links()
                    ieee80211_link_stop()
                        cfg80211_cac_event()

cfg80211_cac_event() requires link ID to be present but it is cleared
already in cfg80211_remove_link(). Ultimately, WARN_ON() is hit.

Therefore, clear the link ID from the bitmap only after completing the link
clean-up.
Comment 1 Robb Gatica 2025-01-15 15:24:17 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025011515-CVE-2024-57898-bfde@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.