Linux Kernel OCB State Management Vulnerability in cfg80211

Vulnerability

A vulnerability in the Linux kernel's handling of the Off-Channel Behavior (OCB) state within the cfg80211 wireless configuration interface has been addressed. cfg80211 could instruct the driver or mac80211 to leave an OCB state when none had been established, which confuses the driver's state handling. The mismanagement occurred after the channel definition state was modified, and a straightforward validation check is enough to prevent it. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability could cause improper management of the OCB state, potentially leading to confusion in the driver's state handling.

Reproduction

The vulnerability can be reproduced by invoking the function that leaves the OCB state without a valid OCB connection. This can be done by calling the '__cfg80211_leave_ocb' function when the 'chandef.chan' attribute is not set, which would simulate the absence of an active OCB state. This scenario can be triggered by manipulating the OCB channel definition state before attempting to leave the OCB, creating a situation where the system incorrectly believes it is safe to leave when, in fact, it is not.
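The state check described above, as an added example that is not the kernel's own code: a user-space C model in which a channel pointer stands in for 'chandef.chan' and a counter records how often the driver is asked to leave. All struct and function names are hypothetical, and the -ENOTCONN return value is an assumption of this model.

```c
/* Added example: user-space model, not kernel source. All names are hypothetical. */
#include <errno.h>
#include <stdio.h>

struct channel { int center_freq_mhz; };

struct ocb_wdev {
    struct channel *chan;    /* models chandef.chan: set on join, cleared on leave */
    int driver_leave_calls;  /* leave requests that reached the driver */
};

/* Stand-in for the driver/mac80211 leave operation. */
static int driver_leave_ocb(struct ocb_wdev *w)
{
    w->driver_leave_calls++;
    return 0;
}

void model_join_ocb(struct ocb_wdev *w, struct channel *c) { w->chan = c; }

/* Unchecked: the driver is asked to leave even when nothing was joined. */
int model_leave_ocb_unchecked(struct ocb_wdev *w)
{
    int err = driver_leave_ocb(w);
    if (!err)
        w->chan = NULL;
    return err;
}

/* Checked: no channel means no OCB state, so the driver is never called.
 * -ENOTCONN is this model's choice of error code (an assumption). */
int model_leave_ocb_checked(struct ocb_wdev *w)
{
    if (!w->chan)
        return -ENOTCONN;
    return model_leave_ocb_unchecked(w);
}

int main(void)
{
    struct ocb_wdev a = { NULL, 0 }, b = { NULL, 0 };
    int ra = model_leave_ocb_unchecked(&a);
    int rb = model_leave_ocb_checked(&b);
    printf("unchecked: ret=%d driver_calls=%d\n", ra, a.driver_leave_calls);
    printf("checked:   ret=%d driver_calls=%d\n", rb, b.driver_leave_calls);
    return 0;
}
```

With the check in place, a second leave after a successful one is also rejected, because the first leave clears the channel pointer.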

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 24, 2025, 1:19 PM
Updated: Dec 24, 2025, 1:19 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.