Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: Fix use after free for wext
Key information in wext.connect is not reset on (re)connect and can hold data from a previous connection.
Reset key data to avoid that drivers or mac80211 incorrectly detect a WEP connection request and access the freed or already reused memory.
Additionally optimize cfg80211_sme_connect() and avoid an useless schedule of conn_work.
Details
- Affected product:
- AlmaLinux 9.2 ESU , CentOS 6 ELS , CentOS 8.4 ELS , CentOS 8.5 ELS , Oracle Linux 6 ELS , Ubuntu 16.04 ELS , Ubuntu 18.04 ELS
- Affected packages:
- kernel @ 4.18.0 (+7 more)
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: Fix use after free for wext
Key information in wext.connect is not reset on (re)connect and can hold data from a previous connection.
Reset key data to avoid that drivers or mac80211 incorrectly detect a WEP connection request and access the freed or already reused memory.
Additionally optimize cfg80211_sme_connect() and avoid an useless schedule of conn_work.