Received: by 2002:ab2:7855:0:b0:1f9:5764:f03e with SMTP id m21csp310759lqp;
        Wed, 22 May 2024 05:34:51 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCWby1MmdrkUfcUrIuB6t/0gHQGS1MnWKmzpjEqBoz+u5Jmknbi8DYQ/RenrFp9sjy83YMMt4Qr4kxsdnFBayrRwuerb/pQnNDeNHGZk9w==
X-Google-Smtp-Source: AGHT+IHUHrOXX+VVJwseQh9oA/j2nd6/cHoiNIfMpaUnyws2dVpLj7TpzCwv6pJ/0dfkFHOXNJvU
X-Received: by 2002:a17:902:ec86:b0:1f2:f983:b844 with SMTP id d9443c01a7336-1f31ca4b6b7mr21448355ad.65.1716381290808;
        Wed, 22 May 2024 05:34:50 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1716381290; cv=pass;
        d=google.com; s=arc-20160816;
        b=AoPwkxy1s+32Q9loylrPk8ZCdXwVlwVTms7mLtbYkzOhL7FbRLQc0fTEUXdPL3TwX1
         3fRUmL0g5+TGPJp+agVZaXCH5/LUauvey7jgcRpNpPatYcFOv3gD76cf5v7R8lt+5zuw
         OY8bivRv6iA1nH8NlwHVixlWtFy555RaBG700SCBLU8mQ0zdvxZFJUKSS76K0t2+DyOR
         lz3q0Dbu01SLO9UaEKu3wNUZT46IMebnE1jYMAbcvXzLm801XysStT8HS21fmjDTKAqy
         90g6f/uFLDYTARtg0NS7m9Ts9sthHvUtv8OsEKE21QQyCmDO6zFpeuOH9k6/eBN7L6pK
         2odQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=geFyggvw42vOeKMhB72ekzlPT4vava+TCBpZ3lb7uZ8=;
        fh=Wt9yfClQJue1P54NJaE8OdfICy3buOWNqjt2dtQL0hY=;
        b=ZF0zHuHEzywkXT8V6xBwMfH5qI0qr7zgNSc+5fC9iWYThfax+L6lE5NMOFUMjCzobU
         1epg3n5Rkz5uv6ufCfQqMjSoII321FsI9HEYCSaWUJU6BtQFe1ZN19SY+0hLIszwbJ5o
         RuUUd2KPeeiAJbsP27b5eiQRRwa8VRe6oIv5roFfprWralitE6t2iBwYQ3OZTeGOljTd
         mZG7YhXONVC2Y/cuRkZMNdMx+pV+zItEaMLLIriVT73WSxZn7nWntMO+LZB9nPS81Q/m
         hrNhxaIJO8I8U6rfVwdzXHnTH1LVTPZtJ62exQS7vM06oMeKSUJmEhgtAhcqY03+jnu/
         LZbw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=m7N2oHez;
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-186228-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-186228-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel+bounces-186228-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id d9443c01a7336-1ef0c0372dcsi25359135ad.332.2024.05.22.05.34.50
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 22 May 2024 05:34:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-186228-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=m7N2oHez;
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-kernel+bounces-186228-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-186228-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 71E42283D0C
	for <linux.lists.archive@gmail.com>; Wed, 22 May 2024 12:34:50 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id F32AD13D61A;
	Wed, 22 May 2024 12:34:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="m7N2oHez"
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 147C4130A53;
	Wed, 22 May 2024 12:34:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1716381284; cv=none; b=Xn38/skKspc9MR9F3fEU1YFcwBw8U5wN85CMXw+lnwGz5ihKTCmIjSvIhiXN39YGfI/gnbT012T68jrntaC9Sf9J2cQcjeI3YIDBEbXaxsV2B7P0stZ+F1h+NFQrGC9ao7eYeCKlNumEfTvKCtCP7CZFJ1rCOMXlTIIxqDLKj+w=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1716381284; c=relaxed/simple;
	bh=0+wBh2A6G9cbB+lHeDN9Taxufokix63LGAyMizCEq8I=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=Xxs0FkPjMrZFOyglnUUqAQgMHSXAfMxHoPkiv+pwbfOgkdm2Q+gMz9yUBQphCd9Qhq9H2i1lkp39PKdz6LrAe5Ozf78ErsuRrYCBmvkd5UEB+cbqCJrywpCYIYkwNs7z7DSEgmHeS8y4/ApG3+dXr6sLpgxHI7HNEGPiJgymmCA=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=m7N2oHez; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5A4E0C2BD11;
	Wed, 22 May 2024 12:34:43 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1716381283;
	bh=0+wBh2A6G9cbB+lHeDN9Taxufokix63LGAyMizCEq8I=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=m7N2oHezajdS5VUWHtxQrfyLA+ApwbYaBzm0zTXpqrGJJl361XOdOTwef1kFzLv+A
	 Z7JYmd4CZozqN0HGbMB49I67imUj5xiKJokGGgnamkARxGo5QtpktkfcsOpNJpJyIp
	 XAAOXJIHGJBV2Hbdl9fp+s3pJWMta+Xjn+eFm6aU=
Date: Wed, 22 May 2024 14:34:41 +0200
From: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>
To: Siddh Raman Pant <siddh.raman.pant@oracle.com>
Cc: "cve@kernel.org" <cve@kernel.org>,
	"linux-cve-announce@vger.kernel.org" <linux-cve-announce@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: CVE-2024-27410: wifi: nl80211: reject iftype change with mesh ID
 change
Message-ID: <2024052231-entity-peculiar-0087@gregkh>
References: <2024051701-CVE-2024-27410-874a@gregkh>
 <42c2fa68c360d05dcf798bc783078270e8fe8314.camel@oracle.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <42c2fa68c360d05dcf798bc783078270e8fe8314.camel@oracle.com>

On Wed, May 22, 2024 at 12:28:59PM +0000, Siddh Raman Pant wrote:
> On Fri, 17 May 2024 13:52:02 +0200, Greg Kroah-Hartman wrote:
> > In the Linux kernel, the following vulnerability has been resolved:
> > 
> > wifi: nl80211: reject iftype change with mesh ID change
> > 
> > It's currently possible to change the mesh ID when the
> > interface isn't yet in mesh mode, at the same time as
> > changing it into mesh mode. This leads to an overwrite
> > of data in the wdev->u union for the interface type it
> > currently has, causing cfg80211_change_iface() to do
> > wrong things when switching.
> > 
> > [...]
> > 
> > The Linux kernel CVE team has assigned CVE-2024-27410 to this issue.
> 
> This does not apply to versions below 6.0, as the union was not backported.
> The fix commit mentioned is incorrect, it should be 7b0a0e3c3a88.

Changelogs should be written a bit more careful then :)

Note, that commit was backported to 5.19.2, so 6.0 is not correct...

I'll go update the cve and push out a json update to cve.org with this
information, thanks for letting us know!

Also, this commit was backported to the older kernels, so this is going
to look strange, here's the new text:

+       Issue introduced in 6.0 with commit 7b0a0e3c3a88 and fixed in 4.19.309 with commit d38d31bbbb9d
+       Issue introduced in 6.0 with commit 7b0a0e3c3a88 and fixed in 5.4.271 with commit 0cfbb26ee5e7
+       Issue introduced in 6.0 with commit 7b0a0e3c3a88 and fixed in 5.10.212 with commit 99eb2159680a
+       Issue introduced in 6.0 with commit 7b0a0e3c3a88 and fixed in 5.15.151 with commit 063715c33b4c
+       Issue introduced in 6.0 with commit 7b0a0e3c3a88 and fixed in 6.1.81 with commit 930e826962d9
+       Issue introduced in 6.0 with commit 7b0a0e3c3a88 and fixed in 6.6.21 with commit 177d574be4b5
+       Issue introduced in 6.0 with commit 7b0a0e3c3a88 and fixed in 6.7.9 with commit a2add961a5ed
+       Issue introduced in 6.0 with commit 7b0a0e3c3a88 and fixed in 6.8 with commit f78c1375339a

Hopefully people's json parsers can handle that well :)

thanks,

greg k-h