projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a3558e1) | patch
mac80211: drop A-MSDUs on old ciphers
authorJohannes Berg <johannes.berg@intel.com>
Mon, 31 May 2021 20:31:30 +0000 (22:31 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 3 Jun 2021 06:36:13 +0000 (08:36 +0200)
commit5f760074013398349479303c1368d63567f29ca2
treecff8573b5b7df5015e28852a79b2f1293916f397tree | snapshot (tar.gz zip)
parenta3558e1b75fefb2299659ee0070ee917927d9220commit | diff
mac80211: drop A-MSDUs on old ciphers

commit 270032a2a9c4535799736142e1e7c413ca7b836e upstream.

With old ciphers (WEP and TKIP) we shouldn't be using A-MSDUs
since A-MSDUs are only supported if we know that they are, and
the only practical way for that is HT support which doesn't
support old ciphers.

However, we would normally accept them anyway. Since we check
the MMIC before deaggregating A-MSDUs, and the A-MSDU bit in
the QoS header is not protected in TKIP (or WEP), this enables
attacks similar to CVE-2020-24588. To prevent that, drop A-MSDUs
completely with old ciphers.

Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20210511200110.076543300172.I548e6e71f1ee9cad4b9a37bf212ae7db723587aa@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/mac80211/rx.c diff | blob | blame | history