Linux Kernel cfg80211 Missing Lock Vulnerability in CAC Handling

A vulnerability exists in the Linux kernel's cfg80211 wireless configuration subsystem, specifically in versions prior to 6.14.0-rc5. The issue arises because the function 'cfg80211_propagate_cac_done_wk' does not acquire the necessary wiphy mutex before calling 'wdev_chandef', which can lead to a warning being triggered. This vulnerability was identified during testing with hostapd's mesh_peer_connected_dfs, in conjunction with unreleased changes to mac80211.

Impact

Exploitation of this vulnerability can cause a kernel warning about a missing lock, indicating potential issues with concurrency and synchronization in the wireless event handling.

Reproduction

The vulnerability can be reproduced by running the Linux kernel version 6.14.0-rc5 or earlier, and executing the mesh_peer_connected_dfs test from hostapd. This will trigger the 'cfg80211_propagate_cac_done_wk' worker, which fails to hold the required wiphy mutex, leading to the warning about the missing lock.

Remediation

Users can upgrade to Linux kernel version 6.14.0 or later, where this vulnerability has been addressed.