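Vulnerability Title
ath11k: Change the maximum number of active probe SSIDs and BSSIDs to match firmware capability
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
ath11k: Change the maximum number of valid SSIDs and BSSIDs in active probe requests to the firmware capability
Currently, the maximum number of SSIDs in an active probe request is reported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when the driver is registered. However, the scan_req_params structure only has the capacity to hold 10 SSIDs. This leads to a buffer overflow that can be triggered from userspace through wpa_supplicant. When the SSIDs are copied into the scan_req_params structure in the ath11k_mac_op_hw_scan path, the extraie pointer can be overwritten.
The firmware supports 16 SSIDs * 4 BSSIDs; for each SSID, probe requests for 4 BSSID combinations are sent, so 64 probe requests are supported in total. Therefore, set the maximum number of SSIDs and BSSIDs to 16 and 4 respectively. Remove the redundant SSID and BSSID macro definitions.
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01300-QCAHKSWPL_SILICONZ-1
CVSS Information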
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Vulnerability Title
ath11k: Change max no of active probe SSID and BSSID to fw capability
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
ath11k: Change max no of active probe SSID and BSSID to fw capability
The maximum number of SSIDs in a for active probe requests is currently
reported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver.
The scan_req_params structure only has the capacity to hold 10 SSIDs.
This leads to a buffer overflow which can be triggered from
wpa_supplicant in userspace. When copying the SSIDs into the
scan_req_params structure in the ath11k_mac_op_hw_scan route, it can
overwrite the extraie pointer.
Firmware supports 16 ssid * 4 bssid, for each ssid 4 bssid combo probe
request will be sent, so totally 64 probe requests supported. So
set both max ssid and bssid to 16 and 4 respectively. Remove the
redundant macros of ssid and bssid.
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01300-QCAHKSWPL_SILICONZ-1
CVSS Information
N/A
Vulnerability Category
N/A
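The mismatch the description explains, as an added illustration that is not code from the kernel patch or from this record: a limit of 16 is advertised while the structure holds 10 entries followed by a pointer. The struct layout, the `model_` names and the helper functions are simplified assumptions, and the capacity check shown is a generic defensive measure rather than the change the patch made (the patch aligns the limits to 16 SSIDs and 4 BSSIDs).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ADVERTISED_MAX_SSID 16 /* limit reported at registration, per the description */
#define STRUCT_SSID_SLOTS   10 /* capacity the description gives for scan_req_params */

/* Simplified model for illustration; these are not the ath11k definitions. */
struct model_ssid { uint8_t length; uint8_t ssid[32]; };
struct model_scan_req {
    uint32_t num_ssids;
    struct model_ssid ssid[STRUCT_SSID_SLOTS];
    uint8_t *extraie;          /* pointer placed after the array in this model */
};

/* 1 if writing slot idx would touch bytes at or past the extraie field. */
int slot_reaches_extraie(size_t idx)
{
    size_t end = offsetof(struct model_scan_req, ssid) + (idx + 1) * sizeof(struct model_ssid);
    return end > offsetof(struct model_scan_req, extraie);
}

/* Smallest SSID count the advertised limit allows that no longer fits (0 if none). */
size_t first_unsafe_count(void)
{
    for (size_t i = 0; i < ADVERTISED_MAX_SSID; i++)
        if (slot_reaches_extraie(i))
            return i + 1;
    return 0;
}

/* Copy that enforces the structure's own capacity, whatever limit was advertised. */
int copy_ssids_checked(struct model_scan_req *dst, const struct model_ssid *src, size_t n)
{
    if (n > STRUCT_SSID_SLOTS)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (src[i].length > sizeof(src[i].ssid))
            return -1;
        dst->ssid[i] = src[i];
    }
    dst->num_ssids = (uint32_t)n;
    return 0;
}

int main(void)
{
    printf("first SSID count that leaves the array: %zu\n", first_unsafe_count());
    return 0;
}
```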