sst-linux/net
Vitaliy Shevtsov 236f41ca72 wifi: nl80211: reject cooked mode if it is set along with other flags
commit 49f27f29446a5bfe633dd2cc0cfebd48a1a5e77f upstream.

It is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE
flags simultaneously on the same monitor interface from the userspace. This
causes a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit
set because the monitor interface is in the cooked state and it takes
precedence over all other states. When the interface is then being deleted,
the kernel calls WARN_ONCE() from check_sdata_in_driver() because that bit
is missing.

Fix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with
other flags.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Fixes: 66f7ac50ed ("nl80211: Add monitor interface configuration flags")
Cc: stable@vger.kernel.org
Reported-by: syzbot+2e5c1e55b9e5c28a3da7@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=2e5c1e55b9e5c28a3da7
Signed-off-by: Vitaliy Shevtsov <v.shevtsov@mt-integration.ru>
Link: https://patch.msgid.link/20250131152657.5606-1-v.shevtsov@mt-integration.ru
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-03-13 12:53:14 +01:00
6lowpan
9p 9p/xen: fix release of IRQ 2024-12-14 19:54:08 +01:00
802 net: 802: LLC+SNAP OID:PID lookup on start of skb data 2025-01-17 13:34:38 +01:00
8021q
appletalk
atm
ax25 ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt 2025-02-21 13:49:56 +01:00
batman-adv batman-adv: Drop unmanaged ELP metric worker 2025-02-21 13:50:00 +01:00
bluetooth Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() 2025-03-13 12:53:14 +01:00
bpf bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() 2025-03-07 16:56:37 +01:00
bpfilter
bridge ipv4: Convert ip_route_input() to dscp_t. 2025-03-07 16:56:44 +01:00
caif
can can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero 2025-02-21 13:50:04 +01:00
ceph
core net: Clear old fragment checksum value in napi_reuse_skb 2025-03-07 16:56:45 +01:00
dcb
dccp net: fix data-races around sk->sk_forward_alloc 2025-01-23 17:17:17 +01:00
devlink
dns_resolver
dsa net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events 2025-02-21 13:50:11 +01:00
ethernet
ethtool net: avoid race between device unregistration and ethnl ops 2025-02-21 13:49:06 +01:00
hsr net: hsr: fix fill_frame_info() regression vs VLAN packets 2025-02-21 13:49:23 +01:00
ieee802154 net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() 2024-12-14 19:54:41 +01:00
ife
ipv4 tcp: Defer ts_recent changes until req is owned 2025-03-07 16:56:45 +01:00
ipv6 net: ipv6: fix dst ref loop on input in rpl lwt 2025-03-07 16:56:46 +01:00
iucv s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() 2024-12-14 19:53:50 +01:00
kcm
key
l2tp
l3mdev
lapb
llc net: llc: reset skb->transport_header 2025-01-09 13:30:01 +01:00
mac80211 wifi: mac80211: prohibit deactivating all links 2025-02-21 13:49:03 +01:00
mac802154 mac802154: check local interfaces before deleting sdata list 2025-01-23 17:17:11 +01:00
mctp net: mctp: handle skb cleanup on sock_queue failures 2025-01-09 13:29:57 +01:00
mpls
mptcp mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr 2025-03-13 12:53:14 +01:00
ncsi net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling 2025-02-21 13:49:54 +01:00
netfilter netfilter: allow exp not to be removed in nf_ct_find_expectation 2025-03-07 16:56:41 +01:00
netlabel
netlink sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
netrom netrom: check buffer length before accessing it 2025-01-09 13:30:01 +01:00
nfc NFC: nci: Add bounds checking in nci_hci_create_pipe() 2025-02-21 13:49:51 +01:00
nsh
openvswitch openvswitch: use RCU protection in ovs_vport_cmd_fill_info() 2025-02-21 13:50:08 +01:00
packet af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK 2025-01-09 13:30:02 +01:00
phonet
psample
qrtr
rds
rfkill net: rfkill: gpio: Add check for clk_enable() 2024-12-14 19:53:33 +01:00
rose net: rose: lock the socket in rose_bind() 2025-02-21 13:49:37 +01:00
rxrpc rxrpc: Improve setsockopt() handling of malformed user input 2024-12-14 19:53:52 +01:00
sched pfifo_tail_enqueue: Drop new packet when sch->limit == 0 2025-03-07 16:56:51 +01:00
sctp sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy 2025-01-17 13:34:42 +01:00
smc net/smc: fix data error when recvmsg with MSG_PEEK flag 2025-02-21 13:49:03 +01:00
strparser strparser: Add read_sock callback 2025-03-07 16:56:37 +01:00
sunrpc sunrpc: suppress warnings for unused procfs functions 2025-03-07 16:56:42 +01:00
switchdev
tipc tipc: re-order conditions in tipc_crypto_key_rcv() 2025-02-21 13:49:33 +01:00
tls tls: Fix tls_sw_sendmsg error handling 2025-01-17 13:34:39 +01:00
unix sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
vmw_vsock vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] 2025-01-23 17:17:14 +01:00
wireless wifi: nl80211: reject cooked mode if it is set along with other flags 2025-03-13 12:53:14 +01:00
x25
xdp xsk: fix OOB map writes when deleting elements 2024-12-14 19:54:36 +01:00
xfrm xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO 2025-02-21 13:49:21 +01:00
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c
sysctl_net.c