Linux Kernel mac80211_hwsim Short Frame Handling Vulnerability

A vulnerability exists in the Linux kernel's mac80211_hwsim component, specifically in how it handles short control frames. While some control frames, like ACK, are naturally shorter and end after the first address, they should not be forwarded through userspace tools like wmediumd. The current handling can lead to invalid memory access if these shorter frames are processed without the complete three-address header. This issue affects several versions of the Linux kernel.

Impact

The vulnerability can cause memory access errors, potentially leading to memory corruption or other unintended behavior.

Reproduction

The vulnerability can be reproduced by sending a short control frame, such as an ACK, through the mac80211_hwsim interface. The frame should be processed by wmediumd or a similar userspace tool, which will forward the incomplete frame, missing the full three-address header. This improper handling will trigger the vulnerability by accessing invalid memory.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.