Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: drop stray ‘static’ from fast-RX rx_result
ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share one instance and can overwrite each other’s result between ieee80211_rx_mesh_data() and the switch on res.
That can make a packet that was queued or consumed by ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make a packet that should continue return as queued.
Make res an automatic variable so each invocation keeps its own result.
Details
- Affected product:
- AlmaLinux 9.2 ESU , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , TuxCare 9.6 ESU
- Affected packages:
- kernel @ 5.14.0 (+4 more)
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: drop stray ‘static’ from fast-RX rx_result
ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share one instance and can overwrite each other’s result between ieee80211_rx_mesh_data() and the switch on res.
That can make a packet that was queued or consumed by ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make a packet that should continue return as queued.
Make res an automatic variable so each invocation keeps its own result.