Ubuntu
backport-iwlwifi-dkms package

CVE-2022-41674 and others

  1. Kinetic (22.10)
  2. Bug #1994525
Bug #1994525 reported by Thadeu Lima de Souza Cascardo
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
backport-iwlwifi-dkms (Ubuntu)
Fix Released
High
Thadeu Lima de Souza Cascardo
Focal
Fix Released
High
Thadeu Lima de Souza Cascardo
Jammy
Fix Released
High
Thadeu Lima de Souza Cascardo
Kinetic
Fix Released
High
Thadeu Lima de Souza Cascardo

Bug Description

[Impact]
A nearby attacker can send beacon frames and make the systems of users of this driver to crash.

[Testcase]
https://seclists.org/oss-sec/2022/q4/23

The frames in the above URL could be used to test for the bug.

[Potential regressions]
Users who depend on this driver may not be able to access WLAN networks.

Tags: patch
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :
Changed in backport-iwlwifi-dkms (Ubuntu Focal):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in backport-iwlwifi-dkms (Ubuntu Jammy):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
Changed in backport-iwlwifi-dkms (Ubuntu Kinetic):
assignee: nobody → Thadeu Lima de Souza Cascardo (cascardo)
importance: Undecided → High
Changed in backport-iwlwifi-dkms (Ubuntu Jammy):
importance: Undecided → High
Changed in backport-iwlwifi-dkms (Ubuntu Focal):
importance: Undecided → High
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :
Revision history for this message
Thadeu Lima de Souza Cascardo (cascardo) wrote :
Changed in backport-iwlwifi-dkms (Ubuntu Focal):
status: New → In Progress
Changed in backport-iwlwifi-dkms (Ubuntu Jammy):
status: New → In Progress
Changed in backport-iwlwifi-dkms (Ubuntu Kinetic):
status: New → In Progress
Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Revision history for this message
Leonidas S. Barbosa (leosilvab) wrote :

As it is a security issue/update I'll handle it soon as possible. Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package backport-iwlwifi-dkms - 9904-0ubuntu3.1

---------------
backport-iwlwifi-dkms (9904-0ubuntu3.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/0001-UBUNTU-SAUCE-wifi-cfg80211-fix-u8-overflow-in-cfg802.patc
    - debian/patches/0002-UBUNTU-SAUCE-wifi-cfg80211-mac80211-reject-bad-MBSSI.patch
    - debian/patches/0003-UBUNTU-SAUCE-wifi-mac80211-fix-MBSSID-parsing-use-af.patch
    - debian/patches/0004-UBUNTU-SAUCE-wifi-cfg80211-ensure-length-byte-is-pre.patch
    - debian/patches/0001-cfg80211-hold-bss_lock-while-updating-nontrans_list.patch
    - debian/patches/0005-UBUNTU-SAUCE-wifi-cfg80211-fix-BSS-refcounting-bugs.patch
    - debian/patches/0006-UBUNTU-SAUCE-wifi-cfg80211-avoid-nontransmitted-BSS-.patch
    - debian/patches/0007-UBUNTU-SAUCE-wifi-mac80211_hwsim-avoid-mac80211-warn.patch
    - debian/patches/0008-UBUNTU-SAUCE-wifi-mac80211-fix-crash-in-beacon-prote.patch
    - debian/patches/0009-UBUNTU-SAUCE-wifi-cfg80211-update-hidden-BSSes-to-av.patch
      related to bug (LP: #1994525).
    - CVE-2022-41674
    - CVE-2022-42719
    - CVE-2022-42720
    - CVE-2022-42721
    - CVE-2022-42722

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 24 Oct 2022 15:19:51 -0300

Changed in backport-iwlwifi-dkms (Ubuntu Kinetic):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package backport-iwlwifi-dkms - 9858-0ubuntu3.1

---------------
backport-iwlwifi-dkms (9858-0ubuntu3.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/0001-UBUNTU-SAUCE-wifi-cfg80211-fix-u8-overflow-in-cfg802.patc
    - debian/patches/0002-UBUNTU-SAUCE-wifi-cfg80211-mac80211-reject-bad-MBSSI.patch
    - debian/patches/0003-UBUNTU-SAUCE-wifi-mac80211-fix-MBSSID-parsing-use-af.patch
    - debian/patches/0004-UBUNTU-SAUCE-wifi-cfg80211-ensure-length-byte-is-pre.patch
    - debian/patches/0001-cfg80211-hold-bss_lock-while-updating-nontrans_list.patch
    - debian/patches/0005-UBUNTU-SAUCE-wifi-cfg80211-fix-BSS-refcounting-bugs.patch
    - debian/patches/0006-UBUNTU-SAUCE-wifi-cfg80211-avoid-nontransmitted-BSS-.patch
    - debian/patches/0007-UBUNTU-SAUCE-wifi-mac80211_hwsim-avoid-mac80211-warn.patch
    - debian/patches/0008-UBUNTU-SAUCE-wifi-mac80211-fix-crash-in-beacon-prote.patch
    - debian/patches/0009-UBUNTU-SAUCE-wifi-cfg80211-update-hidden-BSSes-to-av.patch
      related to bug (LP: #1994525).
    - CVE-2022-41674
    - CVE-2022-42719
    - CVE-2022-42720
    - CVE-2022-42721
    - CVE-2022-42722

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 24 Oct 2022 15:25:35 -0300

Changed in backport-iwlwifi-dkms (Ubuntu Jammy):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package backport-iwlwifi-dkms - 8324-0ubuntu3~20.04.5

---------------
backport-iwlwifi-dkms (8324-0ubuntu3~20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/0001-UBUNTU-SAUCE-wifi-cfg80211-fix-u8-overflow-in-cfg802.patch
    - debian/patches/0002-UBUNTU-SAUCE-wifi-cfg80211-mac80211-reject-bad-MBSSI.patch
    - debian/patches/0004-UBUNTU-SAUCE-wifi-cfg80211-ensure-length-byte-is-pre.patch
    - debian/patches/0001-cfg80211-hold-bss_lock-while-updating-nontrans_list.patch
    - debian/patches/0005-UBUNTU-SAUCE-wifi-cfg80211-fix-BSS-refcounting-bugs.patch
    - debian/patches/0006-UBUNTU-SAUCE-wifi-cfg80211-avoid-nontransmitted-BSS-.patch
    - debian/patches/0007-UBUNTU-SAUCE-wifi-mac80211_hwsim-avoid-mac80211-warn.patch
    - debian/patches/0001-cfg80211-refactor-cfg80211_bss_update.patch
    - debian/patches/0009-UBUNTU-SAUCE-wifi-cfg80211-update-hidden-BSSes-to-av.patch
    - debian/patches/0001-mac80211-mlme-find-auth-challenge-directly.patch
    - debian/patches/0002-wifi-mac80211-don-t-parse-mbssid-in-assoc-response.patch
    - debian/patches/0003-wifi-mac80211-fix-MBSSID-parsing-use-after-free.patch
      related to bug (LP: #1994525).
    - CVE-2022-41674
    - CVE-2022-42719
    - CVE-2022-42720
    - CVE-2022-42721

 -- Thadeu Lima de Souza Cascardo <email address hidden> Tue, 25 Oct 2022 10:41:55 -0300

Changed in backport-iwlwifi-dkms (Ubuntu Focal):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package backport-iwlwifi-dkms - 9904-0ubuntu3.1

---------------
backport-iwlwifi-dkms (9904-0ubuntu3.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/0001-UBUNTU-SAUCE-wifi-cfg80211-fix-u8-overflow-in-cfg802.patc
    - debian/patches/0002-UBUNTU-SAUCE-wifi-cfg80211-mac80211-reject-bad-MBSSI.patch
    - debian/patches/0003-UBUNTU-SAUCE-wifi-mac80211-fix-MBSSID-parsing-use-af.patch
    - debian/patches/0004-UBUNTU-SAUCE-wifi-cfg80211-ensure-length-byte-is-pre.patch
    - debian/patches/0001-cfg80211-hold-bss_lock-while-updating-nontrans_list.patch
    - debian/patches/0005-UBUNTU-SAUCE-wifi-cfg80211-fix-BSS-refcounting-bugs.patch
    - debian/patches/0006-UBUNTU-SAUCE-wifi-cfg80211-avoid-nontransmitted-BSS-.patch
    - debian/patches/0007-UBUNTU-SAUCE-wifi-mac80211_hwsim-avoid-mac80211-warn.patch
    - debian/patches/0008-UBUNTU-SAUCE-wifi-mac80211-fix-crash-in-beacon-prote.patch
    - debian/patches/0009-UBUNTU-SAUCE-wifi-cfg80211-update-hidden-BSSes-to-av.patch
      related to bug (LP: #1994525).
    - CVE-2022-41674
    - CVE-2022-42719
    - CVE-2022-42720
    - CVE-2022-42721
    - CVE-2022-42722

 -- Thadeu Lima de Souza Cascardo <email address hidden> Mon, 24 Oct 2022 15:19:51 -0300

Changed in backport-iwlwifi-dkms (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.