wifi:ath12k:映射重新注入的数据包时更改 DMA 方向(CVE-2024-43881)

admin 2024-08-23 00:36:49 Ali_nvd 来源:ZONE.CI 全球网 0 阅读模式
wifi:ath12k:映射重新注入的数据包时更改 DMA 方向(CVE-2024-43881)

CVE编号

CVE-2024-43881

利用情况

暂无

补丁情况

N/A

披露时间

2024-08-21
漏洞描述
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA direction while mapping reinjected packets For fragmented packets, ath12k reassembles each fragment as a normal packet and then reinjects it into HW ring. In this case, the DMA direction should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise, an invalid payload may be reinjected into the HW and subsequently delivered to the host. Given that arbitrary memory can be allocated to the skb buffer, knowledge about the data contained in the reinjected buffer is lacking. Consequently, there’s a risk of private information being leaked. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://git.kernel.org/stable/c/33322e3ef07409278a18c6919c448e369d66a18e
https://git.kernel.org/stable/c/6925320fcd40d8042d32bf4ede8248e7a5315c3b
https://git.kernel.org/stable/c/e99d9b16ff153de9540073239d24adc3b0a3a997
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 debian_11 linux * Up to (excluding) 5.10.223-1
运行在以下环境
系统 debian_12 linux * Up to (excluding) 6.1.99-1
CVSS3评分 N/A
  • 攻击路径 N/A
  • 攻击复杂度 N/A
  • 权限要求 N/A
  • 影响范围 N/A
  • 用户交互 N/A
  • 可用性 N/A
  • 保密性 N/A
  • 完整性 N/A
N/A
CWE-ID 漏洞类型
- avd.aliyun.com
weinxin
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
N/A Ali_nvd

N/A

N/ACVE编号 CVE-2024-38305利用情况 暂无补丁情况 N/A披露时间 2024-08-21漏洞描述Dell SupportAssist家用电
N/A Ali_nvd

N/A

N/ACVE编号 CVE-2024-42939利用情况 暂无补丁情况 N/A披露时间 2024-08-21漏洞描述YZNCMS v1.4.2中的/index
评论:0   参与:  0