CVE-2024-26693

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: iwlwifi: mvm: fix a crash when we run out of stations<br /> <br /> A DoS tool that injects loads of authentication frames made our AP<br /> crash. The iwl_mvm_is_dup() function couldn&amp;#39;t find the per-queue<br /> dup_data which was not allocated.<br /> <br /> The root cause for that is that we ran out of stations in the firmware<br /> and we didn&amp;#39;t really add the station to the firmware, yet we didn&amp;#39;t<br /> return an error to mac80211.<br /> Mac80211 was thinking that we have the station and because of that,<br /> sta_info::uploaded was set to 1. This allowed<br /> ieee80211_find_sta_by_ifaddr() to return a valid station object, but<br /> that ieee80211_sta didn&amp;#39;t have any iwl_mvm_sta object initialized and<br /> that caused the crash mentioned earlier when we got Rx on that station.