CVE-2022-49533
EUVD-2022-5447626.02.2025, 07:01
In the Linux kernel, the following vulnerability has been resolved: ath11k: Change max no of active probe SSID and BSSID to fw capability The maximum number of SSIDs in a for active probe requests is currently reported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver. The scan_req_params structure only has the capacity to hold 10 SSIDs. This leads to a buffer overflow which can be triggered from wpa_supplicant in userspace. When copying the SSIDs into the scan_req_params structure in the ath11k_mac_op_hw_scan route, it can overwrite the extraie pointer. Firmware supports 16 ssid * 4 bssid, for each ssid 4 bssid combo probe request will be sent, so totally 64 probe requests supported. So set both max ssid and bssid to 16 and 4 respectively. Remove the redundant macros of ssid and bssid. Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01300-QCAHKSWPL_SILICONZ-1Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.6 ≤ 𝑥 < 5.17.14 |
| linux | linux_kernel | 5.18 ≤ 𝑥 < 5.18.3 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||
|---|---|---|---|
| cluster-md-kmp-default |
| ||
| dlm-kmp-default |
| ||
| gfs2-kmp-default |
| ||
| kernel-64kb |
| ||
| kernel-default |
| ||
| kernel-default-base |
| ||
| kernel-docs |
| ||
| kernel-macros |
| ||
| kernel-obs-build |
| ||
| kernel-source |
| ||
| kernel-syms |
| ||
| kernel-zfcpdump |
| ||
| ocfs2-kmp-default |
| ||
| reiserfs-kmp-default |
|