In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix race condition on enabling fast-xmit
fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drvtx calls to the driver, leading to potential crashes because of uninitialized drvpriv data. Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
[
{
"signature_type": "Function",
"id": "CVE-2024-26779-02ed3639",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88c18fd06608b3adee547102505d715f21075c9d",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "__acquires",
"file": "net/mac80211/sta_info.c"
},
"digest": {
"function_hash": "140612303023794772345779983973501748560",
"length": 1396.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-07aeb437",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@54b79d8786964e2f840e8a2ec4a9f9a50f3d4954",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ieee80211_check_fast_xmit",
"file": "net/mac80211/tx.c"
},
"digest": {
"function_hash": "306766123433000220874046975602167896313",
"length": 5661.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-19ca606d",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76fad1174a0cae6fc857b9f88b261a2e4f07d587",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ieee80211_check_fast_xmit",
"file": "net/mac80211/tx.c"
},
"digest": {
"function_hash": "74737064770254474642718996898130698874",
"length": 5340.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-1f73b83e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76fad1174a0cae6fc857b9f88b261a2e4f07d587",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/sta_info.c"
},
"digest": {
"line_hashes": [
"149346956058433263955006292042151522797",
"41818969102177534870990005426797050452",
"111593335747880752720783469021378101868"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-222cd250",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@85720b69aef177318f4a18efbcc4302228a340e5",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "__acquires",
"file": "net/mac80211/sta_info.c"
},
"digest": {
"function_hash": "158213902503997776710920014813257604635",
"length": 1384.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-28c3ce14",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@281280276b70c822f55ce15b661f6d1d3228aaa9",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/tx.c"
},
"digest": {
"line_hashes": [
"3590953259804321848481703785968664356",
"312299033093547039896326129281456837420",
"26050847363295721790870799144893831683",
"67948567545466730674556521009326598141"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-3d05fa84",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb39bb548bf974acad7bd6780fe11f9e6652d696",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/sta_info.c"
},
"digest": {
"line_hashes": [
"149346956058433263955006292042151522797",
"41818969102177534870990005426797050452",
"27453126568711300668486001889350879699"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-41bbd706",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@85720b69aef177318f4a18efbcc4302228a340e5",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ieee80211_check_fast_xmit",
"file": "net/mac80211/tx.c"
},
"digest": {
"function_hash": "43213093727537904302492938762321033920",
"length": 5212.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-543b6e5c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76fad1174a0cae6fc857b9f88b261a2e4f07d587",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "__acquires",
"file": "net/mac80211/sta_info.c"
},
"digest": {
"function_hash": "158213902503997776710920014813257604635",
"length": 1384.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-56e8a47f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@85720b69aef177318f4a18efbcc4302228a340e5",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/sta_info.c"
},
"digest": {
"line_hashes": [
"149346956058433263955006292042151522797",
"41818969102177534870990005426797050452",
"111593335747880752720783469021378101868"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-641c6c11",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5ffab99e070b9f8ae0cf60c3c3602b84eee818dd",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ieee80211_check_fast_xmit",
"file": "net/mac80211/tx.c"
},
"digest": {
"function_hash": "256613256173188630681700743496290919349",
"length": 5226.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-66b71d72",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@54b79d8786964e2f840e8a2ec4a9f9a50f3d4954",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/sta_info.c"
},
"digest": {
"line_hashes": [
"149346956058433263955006292042151522797",
"41818969102177534870990005426797050452",
"27453126568711300668486001889350879699"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-6c25df8e",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@54b79d8786964e2f840e8a2ec4a9f9a50f3d4954",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "__acquires",
"file": "net/mac80211/sta_info.c"
},
"digest": {
"function_hash": "1168097344895767908758906596782754762",
"length": 1996.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-6d9ebf23",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88c18fd06608b3adee547102505d715f21075c9d",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ieee80211_check_fast_xmit",
"file": "net/mac80211/tx.c"
},
"digest": {
"function_hash": "256613256173188630681700743496290919349",
"length": 5226.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-7130a2ff",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5ffab99e070b9f8ae0cf60c3c3602b84eee818dd",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/tx.c"
},
"digest": {
"line_hashes": [
"3590953259804321848481703785968664356",
"312299033093547039896326129281456837420",
"26050847363295721790870799144893831683",
"67948567545466730674556521009326598141"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-7268806c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5ffab99e070b9f8ae0cf60c3c3602b84eee818dd",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/sta_info.c"
},
"digest": {
"line_hashes": [
"149346956058433263955006292042151522797",
"41818969102177534870990005426797050452",
"111593335747880752720783469021378101868"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-7730dc95",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/tx.c"
},
"digest": {
"line_hashes": [
"3590953259804321848481703785968664356",
"312299033093547039896326129281456837420",
"26050847363295721790870799144893831683",
"67948567545466730674556521009326598141"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-79b05316",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb39bb548bf974acad7bd6780fe11f9e6652d696",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "__acquires",
"file": "net/mac80211/sta_info.c"
},
"digest": {
"function_hash": "304397717339560218475976944351419757043",
"length": 1612.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-7c0fc031",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@281280276b70c822f55ce15b661f6d1d3228aaa9",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "__acquires",
"file": "net/mac80211/sta_info.c"
},
"digest": {
"function_hash": "226774233129442598999136809203290755095",
"length": 1943.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-943f3bde",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@54b79d8786964e2f840e8a2ec4a9f9a50f3d4954",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/tx.c"
},
"digest": {
"line_hashes": [
"3590953259804321848481703785968664356",
"312299033093547039896326129281456837420",
"26050847363295721790870799144893831683",
"67948567545466730674556521009326598141"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-957084fe",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@281280276b70c822f55ce15b661f6d1d3228aaa9",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ieee80211_check_fast_xmit",
"file": "net/mac80211/tx.c"
},
"digest": {
"function_hash": "306766123433000220874046975602167896313",
"length": 5661.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-9efb145d",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "__acquires",
"file": "net/mac80211/sta_info.c"
},
"digest": {
"function_hash": "226774233129442598999136809203290755095",
"length": 1943.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-a1abdde8",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb39bb548bf974acad7bd6780fe11f9e6652d696",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ieee80211_check_fast_xmit",
"file": "net/mac80211/tx.c"
},
"digest": {
"function_hash": "235670188137091763445726119774369947594",
"length": 5406.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-a3f1dca9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@76fad1174a0cae6fc857b9f88b261a2e4f07d587",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/tx.c"
},
"digest": {
"line_hashes": [
"3590953259804321848481703785968664356",
"312299033093547039896326129281456837420",
"26050847363295721790870799144893831683",
"67948567545466730674556521009326598141"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-bb94e40f",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/sta_info.c"
},
"digest": {
"line_hashes": [
"331368545545848825540529496988660271003",
"41818969102177534870990005426797050452",
"27453126568711300668486001889350879699"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-d097bf2a",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@281280276b70c822f55ce15b661f6d1d3228aaa9",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/sta_info.c"
},
"digest": {
"line_hashes": [
"331368545545848825540529496988660271003",
"41818969102177534870990005426797050452",
"27453126568711300668486001889350879699"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-d5fce1d4",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88c18fd06608b3adee547102505d715f21075c9d",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/sta_info.c"
},
"digest": {
"line_hashes": [
"149346956058433263955006292042151522797",
"41818969102177534870990005426797050452",
"111593335747880752720783469021378101868"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-deccb5ad",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb39bb548bf974acad7bd6780fe11f9e6652d696",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/tx.c"
},
"digest": {
"line_hashes": [
"3590953259804321848481703785968664356",
"312299033093547039896326129281456837420",
"26050847363295721790870799144893831683",
"67948567545466730674556521009326598141"
],
"threshold": 0.9
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-e84c9acd",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@88c18fd06608b3adee547102505d715f21075c9d",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/tx.c"
},
"digest": {
"line_hashes": [
"3590953259804321848481703785968664356",
"312299033093547039896326129281456837420",
"26050847363295721790870799144893831683",
"67948567545466730674556521009326598141"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-ebea94f9",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "ieee80211_check_fast_xmit",
"file": "net/mac80211/tx.c"
},
"digest": {
"function_hash": "75126406147383291828337930211615874178",
"length": 5637.0
}
},
{
"signature_type": "Function",
"id": "CVE-2024-26779-f9eac47d",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5ffab99e070b9f8ae0cf60c3c3602b84eee818dd",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "__acquires",
"file": "net/mac80211/sta_info.c"
},
"digest": {
"function_hash": "140612303023794772345779983973501748560",
"length": 1396.0
}
},
{
"signature_type": "Line",
"id": "CVE-2024-26779-fd9f110a",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@85720b69aef177318f4a18efbcc4302228a340e5",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "net/mac80211/tx.c"
},
"digest": {
"line_hashes": [
"3590953259804321848481703785968664356",
"312299033093547039896326129281456837420",
"26050847363295721790870799144893831683",
"67948567545466730674556521009326598141"
],
"threshold": 0.9
}
}
]