Bug 1227774 (CVE-2024-40929)

Summary:	VUL-0: CVE-2024-40929: kernel: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	miroslav.franc, rfrohl
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/413856/
Whiteboard:	CVSSv3.1:SUSE:CVE-2024-40929:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2024-07-15 09:45:16 UTC

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: check n_ssids before accessing the ssids

In some versions of cfg80211, the ssids poinet might be a valid one even
though n_ssids is 0. Accessing the pointer in this case will cuase an
out-of-bound access. Fix this by checking n_ssids first.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-40929
https://www.cve.org/CVERecord?id=CVE-2024-40929
https://git.kernel.org/stable/c/29a18d56bd64b95bd10bda4afda512558471382a
https://git.kernel.org/stable/c/3c4771091ea8016c8601399078916f722dd8833b
https://git.kernel.org/stable/c/60d62757df30b74bf397a2847a6db7385c6ee281
https://git.kernel.org/stable/c/62e007bdeb91c6879a4652c3426aef1cd9d2937b
https://git.kernel.org/stable/c/9e719ae3abad60e245ce248ba3f08148f375a614
https://git.kernel.org/stable/c/f777792952d03bbaf8329fdfa99393a5a33e2640
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-40929.mbox

Comment 2 Takashi Iwai 2024-07-17 15:24:18 UTC

The fix backported to SLE12-SP5 branch.