ghsa-pgpc-54gc-3694
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
In the wilc_parse_join_bss_param function, the TSF field of the ies
structure is accessed after the RCU read-side critical section is
unlocked. According to RCU usage rules, this is illegal. Reusing this
pointer can lead to unpredictable behavior, including accessing memory
that has been updated or causing use-after-free issues.
This possible bug was identified using a static analysis tool developed by myself, specifically designed to detect RCU-related issues.
To address this, the TSF value is now stored in a local variable
ies_tsf before the RCU lock is released. The param->tsf_lo field is
then assigned using this local variable, ensuring that the TSF value is
safely accessed.
{
"affected": [],
"aliases": [
"CVE-2024-47712"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T12:15:07Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param\n\nIn the `wilc_parse_join_bss_param` function, the TSF field of the `ies`\nstructure is accessed after the RCU read-side critical section is\nunlocked. According to RCU usage rules, this is illegal. Reusing this\npointer can lead to unpredictable behavior, including accessing memory\nthat has been updated or causing use-after-free issues.\n\nThis possible bug was identified using a static analysis tool developed\nby myself, specifically designed to detect RCU-related issues.\n\nTo address this, the TSF value is now stored in a local variable\n`ies_tsf` before the RCU lock is released. The `param-\u003etsf_lo` field is\nthen assigned using this local variable, ensuring that the TSF value is\nsafely accessed.",
"id": "GHSA-pgpc-54gc-3694",
"modified": "2024-11-08T18:30:44Z",
"published": "2024-10-21T12:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47712"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2f944e6255c2fc1c9bd9ee32f6b14ee0b2a51eb5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/557418e1704605a81c9e26732449f71b1d40ba1e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a24cedc243ace5ed7c1016f52a7bfc8f5b07815"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d7c6ae1efb1ff68bc01d79d94fdf0388f86cdd8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/79510414a7626317f13cc9073244ab7a8deb3192"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84398204c5df5aaf89453056cf0647cda9664d2b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b040b71d99ee5e17bb7a743dc01cbfcae8908ce1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bf090f4fe935294361eabd9dc5a949fdd77d3d1b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.