CVE-2024-43841
Published: Aug 17, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning. Fixed it by checking the SSID (from user space) in the connection code.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c7cdba31ed8b87526db978976392802d3f93110c - < 994fc2164a03200c3bf42fb45b3d49d9d6d33a4daffected c7cdba31ed8b87526db978976392802d3f93110c - < 05c4488a0e446c6ccde9f22b573950665e1cd414affected c7cdba31ed8b87526db978976392802d3f93110c - < 93e898a264b4e0a475552ba9f99a016eb43ef942affected c7cdba31ed8b87526db978976392802d3f93110c - < d3cc85a10abc8eae48988336cdd3689ab92581b3affected c7cdba31ed8b87526db978976392802d3f93110c - < 36e92b5edc8e0daa18e9325674313802ce3fbc29+2 more versions |
Linux | Linux | affected 5.0unaffected 0 - < 5.0unaffected 5.4.282 - <= 5.4.*unaffected 5.10.224 - <= 5.10.*unaffected 5.15.165 - <= 5.15.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now