CVE-2024-27053

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
01/05/2024
Last modified:
08/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: fix RCU usage in connect path

With lockdep enabled, calls to the connect function from cfg802.11 layer
lead to the following warning:

=============================
WARNING: suspicious RCU usage
6.7.0-rc1-wt+ #333 Not tainted
-----------------------------
drivers/net/wireless/microchip/wilc1000/hif.c:386
suspicious rcu_dereference_check() usage!
[...]
stack backtrace:
CPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1-wt+ #333
Hardware name: Atmel SAMA5
unwind_backtrace from show_stack+0x18/0x1c
show_stack from dump_stack_lvl+0x34/0x48
dump_stack_lvl from wilc_parse_join_bss_param+0x7dc/0x7f4
wilc_parse_join_bss_param from connect+0x2c4/0x648
connect from cfg80211_connect+0x30c/0xb74
cfg80211_connect from nl80211_connect+0x860/0xa94
nl80211_connect from genl_rcv_msg+0x3fc/0x59c
genl_rcv_msg from netlink_rcv_skb+0xd0/0x1f8
netlink_rcv_skb from genl_rcv+0x2c/0x3c
genl_rcv from netlink_unicast+0x3b0/0x550
netlink_unicast from netlink_sendmsg+0x368/0x688
netlink_sendmsg from ____sys_sendmsg+0x190/0x430
____sys_sendmsg from ___sys_sendmsg+0x110/0x158
___sys_sendmsg from sys_sendmsg+0xe8/0x150
sys_sendmsg from ret_fast_syscall+0x0/0x1c

This warning is emitted because in the connect path, when trying to parse
target BSS parameters, we dereference a RCU pointer without being in RCU
critical section.
Fix RCU dereference usage by moving it to a RCU read critical section. To
avoid wrapping the whole wilc_parse_join_bss_param under the critical
section, just use the critical section to copy ies data
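
The fix pattern described above (copy the IEs inside the read-side critical section, then parse the private copy outside it), as an added user-space model in C. It is not the wilc1000 patch or kernel code: read_depth, suspicious, model_dereference, ies_len_unlocked, copy_ies and find_ie are hypothetical stand-ins for the kernel primitives named in the comments.

```c
#include <stdlib.h>
#include <string.h>

/* User-space model, not kernel code: every name here is a stand-in. */
struct ies { size_t len; unsigned char data[64]; };
struct bss { struct ies *ies; };   /* RCU-protected pointer in the kernel */
static int read_depth;             /* models rcu_read_lock() nesting */
static int suspicious;             /* models lockdep's "suspicious RCU usage" */

/* Like rcu_dereference() with lockdep: flag use outside a read section. */
struct ies *model_dereference(struct bss *b)
{
    if (read_depth == 0)
        suspicious++;
    return b->ies;
}

/* Before the fix: pointer fetched with no read-side critical section. */
size_t ies_len_unlocked(struct bss *b)
{
    return model_dereference(b)->len;
}

/* After the fix: the section covers only the copy; caller frees the result. */
unsigned char *copy_ies(struct bss *b, size_t *len)
{
    struct ies *ies;
    unsigned char *copy;
    read_depth++;                  /* rcu_read_lock() */
    ies = model_dereference(b);
    *len = ies->len;
    copy = malloc(*len ? *len : 1);
    if (copy)
        memcpy(copy, ies->data, *len);
    read_depth--;                  /* rcu_read_unlock() */
    return copy;
}

/* Parse id/len/value elements from the private copy; NULL if id is absent. */
const unsigned char *find_ie(const unsigned char *p, size_t n,
                             unsigned char id, size_t *out_len)
{
    while (n >= 2 && (size_t)p[1] + 2 <= n) {
        if (p[0] == id) { *out_len = p[1]; return p + 2; }
        n -= (size_t)p[1] + 2;
        p += (size_t)p[1] + 2;
    }
    return NULL;
}
```

Because the parser only ever sees the copy, the original IE buffer can be replaced and freed by an updater after copy_ies() returns without affecting the parse.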

Vulnerable products and versions

CPE                                            From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.1 (including)   5.4.273 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.5 (including)   5.10.214 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.11 (including)  5.15.153 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.16 (including)  6.1.83 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.2 (including)   6.6.23 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.7 (including)   6.7.11 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.8 (including)   6.8.2 (excluding)
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*