Linux Kernel Null Pointer Dereference Vulnerability in mac80211 MLME Association Handling

A null pointer dereference vulnerability has been identified in the Linux kernel's mac80211 module, specifically within the management layer for association (MLME). This issue arises when an association to an access point (AP) fails, particularly if the link 0 is not active. The failure leads to a crash in the tracing system, which incorrectly assumes that either the AP's MLD address or the link 0 BSS is valid. This misconception occurs because the valid links are cleared, and the AP's MLD address is not properly added to the structure. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash in the kernel.

Reproduction

To reproduce this vulnerability, attempt to associate with an access point that does not have an active link 0. Monitor the system for crashes in the tracing subsystem, which will indicate that the null pointer dereference has occurred.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.