CVE-2024-43841

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-43841
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43841.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-43841
Downstream
Related
Published
2024-08-17T09:21:56.517Z
Modified
2026-03-11T07:50:22.905738Z
Summary
wifi: virt_wifi: avoid reporting connection success with wrong SSID
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: virt_wifi: avoid reporting connection success with wrong SSID

When user issues a connection with a different SSID than the one virt_wifi has advertised, the _cfg80211connectresult() will trigger the warning: WARNON(bssnotfound).

The issue is because the connection code in virtwifi does not check the SSID from user space (it only checks the BSSID), and virtwifi will call cfg80211connectresult() with WLANSTATUSSUCCESS even if the SSID is different from the one virtwifi has advertised. Eventually cfg80211 won't be able to find the cfg80211bss and generate the warning.

Fixed it by checking the SSID (from user space) in the connection code.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43841.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c7cdba31ed8b87526db978976392802d3f93110c
Fixed
994fc2164a03200c3bf42fb45b3d49d9d6d33a4d
Fixed
05c4488a0e446c6ccde9f22b573950665e1cd414
Fixed
93e898a264b4e0a475552ba9f99a016eb43ef942
Fixed
d3cc85a10abc8eae48988336cdd3689ab92581b3
Fixed
36e92b5edc8e0daa18e9325674313802ce3fbc29
Fixed
416d3c1538df005195721a200b0371d39636e05d
Fixed
b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43841.json"