diff options
Diffstat (limited to 'website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc')
| -rw-r--r-- | website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc b/website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc new file mode 100644 index 0000000000..c2ce62f3b0 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc @@ -0,0 +1,147 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:07.wifi_meshid Security Advisory + The FreeBSD Project + +Topic: 802.11 heap buffer overflow + +Category: core +Module: net80211 +Announced: 2022-04-06 +Credits: m00nbsd working with Trend Micro Zero Day Initiative +Affects: All supported versions of FreeBSD. +Corrected: 2022-04-05 22:59:53 UTC (stable/13, 13.1-STABLE) + 2022-04-06 01:56:58 UTC (releng/13.1, 13.1-RC1-p1) + 2022-04-06 03:04:17 UTC (releng/13.0, 13.0-RELEASE-p11) + 2022-04-05 23:03:40 UTC (stable/12, 12.3-STABLE) + 2022-04-06 03:06:33 UTC (releng/12.3, 12.3-RELEASE-p5) +CVE Name: CVE-2022-23088 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD's net80211 kernel subsystem provides infrastructure and drivers +for IEEE 802.11 wireless (Wi-Fi) communications. + +II. Problem Description + +The 802.11 beacon handling routine failed to validate the length of an +IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. + +III. Impact + +While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with +a SSID) a malicious beacon frame may overwrite kernel memory, leading to +remote code execution. + +IV. Workaround + +No workaround is available. Systems not using Wi-Fi are not affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:07/wifi_meshid.patch +# fetch https://security.FreeBSD.org/patches/SA-22:07/wifi_meshid.patch.asc +# gpg --verify wifi_meshid.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 72617f9246e3 stable/13-n250273 +releng/13.1/ 00cc1ce78da3 releng/13.1-n250079 +releng/13.0/ b2b23824272d releng/13.0-n244797 +stable/12/ r371868 +releng/12.3/ r371873 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23088> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmJNDgYACgkQ05eS9J6n +5cL+FQ/9FPr6zxTpQ9HMQym2BYnZZHXLFWE2ALDLXE8UYiNa6vLaeIvO4f/bzS6b +StHq4YoLTU6tPtTVXu1MTv+BZmDcavtKtBohppkcSdV2Xs2zHrlcUGNBlJdWWUR6 +vgcRsI8EhdrFltKoeJ+L7bfHCzE4oGAFKhvap7DL8URrt+a7S0mkfdaX9o7RSQi3 +vku98kns+ylV4T+DgY5KO21rnzwopIkmw3XlRO+S0XILK/h+7EWvcrOTTEV+byQM +vZL17NlumXhrZvg3nQIgpTmai7B8hFCVvRYy8aT8ygRSgEWG5ZtJVuPtgmJ7TMPg +mZneNAQ3eJep4l53nRu3mlxvwJYm9KR/RYDIf6iHhkVStPGv4+9wPSqHZXzn/bDy +MLTHNcOi6wBmRMi+JsR4QkhS6VukFlZvNl4UhXRG7Lx2Tss5CG/SKXCEHcwOYcZY +TEIJY2iDoTTU3jEYWclvcmLMKn3yRfyox1vpv71Ugh33L0lgM22P/5+p/jebeQvL +xl62ZEZZUzOeHfDzMNKi4yFhi4RvRA8exmVTKjPbqiDPIpUQFrCLWvbzeQhUbeSm +zsldDRAf51jeJbahwSfujqjJ7NOum0iY1qTSqgV3JLvAjShQHCMYCK12zlwT42CM +3Op+ruTU7mx9UhjerQtklrzP1qE9i6A9D5Kk/MZSOA4zRbuFTRw= +=uFZx +-----END PGP SIGNATURE----- |