Linux Kernel cfg80211 Component Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's cfg80211 component, specifically within the function that updates known Basic Service Set (BSS) information. This vulnerability arises from a quirk introduced to properly track hidden SSID networks, which can lead to improper memory management and potential exploitation. The issue has been addressed in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can cause memory corruption, which may allow arbitrary code execution or a denial-of-service condition by crashing the system.

Reproduction

The vulnerability can be reproduced by triggering the 'bss_free()' quirk while 'hidden_beacon_bss' is not properly managed, allowing the last beacon frame elements to be freed incorrectly. This can be done by manipulating BSS updates in a way that exploits the timing of the memory free operations.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the patched version can be found in the Linux kernel official documentation.

Added: Sep 19, 2025, 4:35 PM
Updated: Sep 19, 2025, 4:35 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.