Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A general protection fault vulnerability has been identified in the Linux kernel's mac80211 wireless component. The issue, reported by syzbot, is likely caused by a non-canonical address leading to a null pointer dereference. It arises after a memory leak fix in the ieee80211 interface management code, where cleanup was not handled properly. The fault occurs while processing netlink messages related to wireless hardware simulation, potentially disrupting normal operations or causing unexpected behavior.
Exploitation of this vulnerability leads to a general protection fault, causing a null pointer dereference. This type of error can disrupt system operations and potentially be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the system or application.
The vulnerability can be reproduced by simulating the addition of a new wireless radio using the mac80211_hwsim driver. This can be done by sending a netlink message to the mac80211_hwsim kernel module, which triggers the ieee80211_register_hw function. The improper handling in the ieee80211 interface management code then causes the general protection fault due to the null pointer dereference.
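For triage, the crash signature described above (a general protection fault with a null pointer dereference, reached through ieee80211_register_hw from the mac80211_hwsim module) can be matched against kernel logs. The following is an added example, not code from the kernel project or from the syzbot report; the log excerpt is constructed, and every function name in it except ieee80211_register_hw is a placeholder.

```python
import re

# Constructed kernel log: addresses, offsets, timestamps and every function
# name except ieee80211_register_hw are placeholders, not taken from the report.
SAMPLE_LOG = """\
[  101.200000] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[  101.200010] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  101.200020] RIP: 0010:placeholder_cleanup+0x1a/0x90 [mac80211]
[  101.200030] Call Trace:
[  101.200040]  <TASK>
[  101.200050]  ieee80211_register_hw+0x2b10/0x4120 [mac80211]
[  101.200060]  placeholder_new_radio+0x1c00/0x4a00 [mac80211_hwsim]
[  101.200070]  </TASK>
[  101.200080] ---[ end trace 0000000000000000 ]---
[  205.000000] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#2] SMP
[  205.000010] RIP: 0010:placeholder_other+0x10/0x40
[  205.000020] Call Trace:
[  205.000030]  placeholder_other+0x10/0x40
[  205.000040] ---[ end trace 0000000000000000 ]---
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
# A call-trace frame: optional "? ", symbol+0xoff/0xsize, optional [module]
FRAME = re.compile(r"^\s*(?:\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")

def triage(log):
    """Return one verdict per 'general protection fault' report in the log."""
    reports, cur = [], None
    for raw in log.splitlines():
        line = STAMP.sub("", raw)
        if "general protection fault" in line:
            cur = {"null_deref": False, "frames": []}
            reports.append(cur)
        elif cur is None:
            continue  # not inside a report
        elif "---[ end trace" in line:
            cur = None  # report finished; later frames belong elsewhere
        elif "null-ptr-deref" in line:
            cur["null_deref"] = True
        elif (m := FRAME.match(line)):
            cur["frames"].append((m.group(1), m.group(2)))
    return [{
        "null_deref": r["null_deref"],
        # Signature from the description: fault reached via ieee80211_register_hw
        "register_hw": any(f == "ieee80211_register_hw" for f, _ in r["frames"]),
        "via_hwsim": any(mod == "mac80211_hwsim" for _, mod in r["frames"]),
    } for r in reports]
```

A report with all three fields true matches the path described here; a fault with none of them set, like the second constructed report, is a different crash.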