Bug 2347661 (CVE-2022-49539) - CVE-2022-49539 kernel: rtw89: ser: fix CAM leaks occurring in L2 reset
Summary: CVE-2022-49539 kernel: rtw89: ser: fix CAM leaks occurring in L2 reset
Keywords:
Status: NEW
Alias: CVE-2022-49539
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:02 UTC by OSIDB Bzimport
Modified: 2025-05-05 14:14 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:02:20 UTC 
In the Linux kernel, the following vulnerability has been resolved:

rtw89: ser: fix CAM leaks occurring in L2 reset

The CAM, meaning address CAM and bssid CAM here, will get leaks during
SER (system error recover) L2 reset process and ieee80211_restart_hw()
which is called by L2 reset process eventually.

The normal flow would be like
-> add interface (acquire 1)
-> enter ips (release 1)
-> leave ips (acquire 1)
-> connection (occupy 1) <(A) 1 leak after L2 reset if non-sec connection>

The ieee80211_restart_hw() flow (under connection)
-> ieee80211 reconfig
-> add interface (acquire 1)
-> leave ips (acquire 1)
-> connection (occupy (A) + 2) <(B) 1 more leak>

Originally, CAM is released before HW restart only if connection is under
security. Now, release CAM whatever connection it is to fix leak in (A).
OTOH, check if CAM is already valid to avoid acquiring multiple times to
fix (B).

Besides, if AP mode, release address CAM of all stations before HW restart.
Comment 1 Mauro Matteo Cascella 2025-02-26 11:29:47 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022614-CVE-2022-49539-9ea2@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.