fkie_cve-2022-49942
Vulnerability from fkie_nvd
Published
2025-06-18 11:15
Modified
2025-11-14 19:40
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel "switch" announcement doesn't make any sense. The BSS list is empty in that case. This causes the for loop in cfg80211_get_bss() to be bypassed, so the function returns NULL (check line 1424 of net/wireless/scan.c), causing the WARN_ON() in ieee80211_ibss_csa_beacon() to get triggered (check line 500 of net/mac80211/ibss.c), which was consequently reported on the syzkaller dashboard. Thus, check if we have an existing connection before generating the CSA beacon in ieee80211_ibss_finish_csa().
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1691a48aef0a82d1754b9853dae7e3f5cacdf70bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/552ba102a6898630a7d16887f29e606d6fabe508Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/66689c5c02acd4d76c28498fe220998610aec61ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/864e280cb3a9a0f5212b16ef5057c4e692f7039dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/cdb9a8da9b84800eb15506cd9363cf0cf059e677Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d9eb37db6a28b59a95a3461450ee209654c5f95bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dd649b49219a0388cc10fc40e4c2ea681566a780Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 6.0
linux linux_kernel 6.0
linux linux_kernel 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6E5DFA-0138-41E0-B703-B0244FA3EC98",
              "versionEndExcluding": "4.9.328",
              "versionStartIncluding": "3.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D9B742D-912D-4E0C-A42F-367086FDEA88",
              "versionEndExcluding": "4.14.293",
              "versionStartIncluding": "4.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "253D30F5-3734-4663-883A-288786D3B66E",
              "versionEndExcluding": "4.19.258",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C373116-9E23-44BA-A6B7-87C8BF5C3B85",
              "versionEndExcluding": "5.4.213",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44AD643-5591-432E-BD41-C2C737F54AC0",
              "versionEndExcluding": "5.10.142",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52AE7E2B-7BE3-4B8A-89CC-AB62434899A3",
              "versionEndExcluding": "5.15.66",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FEC7656-4CE2-424C-8830-EDB160E701C8",
              "versionEndExcluding": "5.19.8",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "A46498B3-78E1-4623-AAE1-94D29A42BE4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: Don\u0027t finalize CSA in IBSS mode if state is disconnected\n\nWhen we are not connected to a channel, sending channel \"switch\"\nannouncement doesn\u0027t make any sense.\n\nThe BSS list is empty in that case. This causes the for loop in\ncfg80211_get_bss() to be bypassed, so the function returns NULL\n(check line 1424 of net/wireless/scan.c), causing the WARN_ON()\nin ieee80211_ibss_csa_beacon() to get triggered (check line 500\nof net/mac80211/ibss.c), which was consequently reported on the\nsyzkaller dashboard.\n\nThus, check if we have an existing connection before generating\nthe CSA beacon in ieee80211_ibss_finish_csa()."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: No finalizar la CSA en modo IBSS si el estado es desconectado. Cuando no estamos conectados a un canal, enviar el anuncio de cambio de canal no tiene sentido. En ese caso, la lista BSS est\u00e1 vac\u00eda. Esto provoca que se omita el bucle for en cfg80211_get_bss(), por lo que la funci\u00f3n devuelve NULL (consulte la l\u00ednea 1424 de net/wireless/scan.c), lo que provoca la activaci\u00f3n de WARN_ON() en ieee80211_ibss_csa_beacon() (consulte la l\u00ednea 500 de net/mac80211/ibss.c), lo que se inform\u00f3 en el panel de control de syzkaller. Por lo tanto, se debe comprobar si existe una conexi\u00f3n antes de generar la baliza CSA en ieee80211_ibss_finish_csa()."
    }
  ],
  "id": "CVE-2022-49942",
  "lastModified": "2025-11-14T19:40:07.663",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-18T11:15:21.147",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1691a48aef0a82d1754b9853dae7e3f5cacdf70b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/552ba102a6898630a7d16887f29e606d6fabe508"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/66689c5c02acd4d76c28498fe220998610aec61e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/864e280cb3a9a0f5212b16ef5057c4e692f7039d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/cdb9a8da9b84800eb15506cd9363cf0cf059e677"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d9eb37db6a28b59a95a3461450ee209654c5f95b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/dd649b49219a0388cc10fc40e4c2ea681566a780"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.