AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-02-24 02:43:27 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
ef91a6bd94
linux_dsm_epyc7002/net/wireless
History
Mathy Vanhoef c730d72aa6 cfg80211: mitigate A-MSDU aggregation attacks 
commit 2b8a1fee3488c602aca8bea004a087e60806a5cf upstream.

Mitigate A-MSDU injection attacks (CVE-2020-24588) by detecting if the
destination address of a subframe equals an RFC1042 (i.e., LLC/SNAP)
header, and if so dropping the complete A-MSDU frame. This mitigates
known attacks, although new (unknown) aggregation-based attacks may
remain possible.

This defense works because in A-MSDU aggregation injection attacks, a
normal encrypted Wi-Fi frame is turned into an A-MSDU frame. This means
the first 6 bytes of the first A-MSDU subframe correspond to an RFC1042
header. In other words, the destination MAC address of the first A-MSDU
subframe contains the start of an RFC1042 header during an aggregation
attack. We can detect this and thereby prevent this specific attack.
For details, see Section 7.2 of "Fragment and Forge: Breaking Wi-Fi
Through Frame Aggregation and Fragmentation".

Note that for kernel 4.9 and above this patch depends on "mac80211:
properly handle A-MSDUs that start with a rfc1042 header". Otherwise
this patch has no impact and attacks will remain possible.

Cc: stable@vger.kernel.org
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
Link: https://lore.kernel.org/r/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-03 09:00:29 +02:00
..
certs
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
ap.c
chan.c cfg80211: only allow S1G channels on S1G band 2020-10-08 10:41:24 +02:00
core.c cfg80211: initialize wdev data earlier 2020-10-30 10:03:59 +01:00
core.h nl80211: validate key indexes for cfg80211_registered_device 2020-12-26 16:02:45 +01:00
debugfs.c
debugfs.h
ethtool.c cfg80211: check wiphy driver existence for drvinfo report 2020-02-07 12:53:26 +01:00
ibss.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
Kconfig cfg80211: select CONFIG_CRC32 2021-01-19 18:27:28 +01:00
lib80211_crypt_ccmp.c
lib80211_crypt_tkip.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211_crypt_wep.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
lib80211.c lib80211: Remove unused macro DRV_NAME 2020-09-18 11:53:00 +02:00
Makefile
mesh.c cfg80211/mac80211: add mesh_param "mesh_nolearn" to skip path discovery 2020-07-31 09:24:23 +02:00
mlme.c cfg80211: handle Association Response from S1G STA 2020-09-28 13:54:03 +02:00
nl80211.c nl80211: fix potential leak of ACL params 2021-04-14 08:42:02 +02:00
nl80211.h nl80211: link recursive netlink nested policy 2020-04-30 17:51:41 -07:00
ocb.c
of.c
pmsr.c nl80211: link recursive netlink nested policy 2020-04-30 17:51:41 -07:00
radiotap.c wireless: radiotap: fix some kernel-doc 2020-09-28 13:53:05 +02:00
rdev-ops.h nl80211: add ability to report TX status for control port TX 2020-05-27 10:02:04 +02:00
reg.c cfg80211: regulatory: Fix inconsistent format argument 2020-10-30 10:06:56 +01:00
reg.h
scan.c cfg80211: scan: drop entry from hidden_list on overflow 2021-05-14 09:50:00 +02:00
sme.c cfg80211: remove WARN_ON() in cfg80211_sme_connect 2021-04-14 08:42:13 +02:00
sysfs.c
sysfs.h
trace.c
trace.h cfg80211/mac80211: add mesh_param "mesh_nolearn" to skip path discovery 2020-07-31 09:24:23 +02:00
util.c cfg80211: mitigate A-MSDU aggregation attacks 2021-06-03 09:00:29 +02:00
wext-compat.c net: wireless: Convert to use the preferred fallthrough macro 2020-08-27 11:24:28 +02:00
wext-compat.h
wext-core.c wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-02-03 23:28:38 +01:00
wext-priv.c
wext-proc.c
wext-sme.c mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
wext-spy.c