CVE-2022-49942
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49942
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49942.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49942
- Downstream
- Related
- Published
- 2025-06-18T11:15:21Z
- Modified
- 2025-08-09T19:01:27Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected
When we are not connected to a channel, sending channel "switch" announcement doesn't make any sense.
The BSS list is empty in that case. This causes the for loop in cfg80211getbss() to be bypassed, so the function returns NULL (check line 1424 of net/wireless/scan.c), causing the WARNON() in ieee80211ibsscsabeacon() to get triggered (check line 500 of net/mac80211/ibss.c), which was consequently reported on the syzkaller dashboard.
Thus, check if we have an existing connection before generating the CSA beacon in ieee80211ibssfinish_csa().
- References
-
- https://git.kernel.org/stable/c/15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0
- https://git.kernel.org/stable/c/1691a48aef0a82d1754b9853dae7e3f5cacdf70b
- https://git.kernel.org/stable/c/552ba102a6898630a7d16887f29e606d6fabe508
- https://git.kernel.org/stable/c/66689c5c02acd4d76c28498fe220998610aec61e
- https://git.kernel.org/stable/c/864e280cb3a9a0f5212b16ef5057c4e692f7039d
- https://git.kernel.org/stable/c/cdb9a8da9b84800eb15506cd9363cf0cf059e677
- https://git.kernel.org/stable/c/d9eb37db6a28b59a95a3461450ee209654c5f95b
- https://git.kernel.org/stable/c/dd649b49219a0388cc10fc40e4c2ea681566a780