The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: NULL pointer dereference via mac80211

Synthesis of the vulnerability 

An attacker can dereference a NULL pointer in the mac80211 module of the Linux kernel, in order to trigger a denial of service.
Vulnerable systems: Android OS, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this threat: 2/4.
Creation date: 02/04/2014.
References for this weakness: CERTFR-2014-AVI-241, CERTFR-2014-AVI-242, CERTFR-2014-AVI-333, CERTFR-2014-AVI-388, CVE-2014-2706, MDVSA-2014:124, openSUSE-SU-2014:1246-1, RHSA-2014:0557-01, RHSA-2014:0981-01, RHSA-2014:1023-01, RHSA-2014:1101-01, SUSE-SU-2014:1105-1, SUSE-SU-2014:1316-1, SUSE-SU-2014:1319-1, USN-2221-1, USN-2223-1, USN-2224-1, USN-2225-1, USN-2227-1, USN-2228-1, VIGILANCE-VUL-14510.

Description of the vulnerability 

The mac80211 driver implements support for WiFi frames.

However, when it leaves a sleep state, it does not check whether a pointer is NULL before using it.

An attacker can therefore dereference a NULL pointer in the mac80211 module of the Linux kernel, in order to trigger a denial of service.

This vulnerability announcement impacts software or systems such as Android OS, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this cybersecurity bulletin is medium.

The trust level is of type "confirmed by the editor", and the attack originates from a radio connection.

An attacker with expert ability can exploit this threat alert.

Solutions for this threat 

Linux kernel: version 3.13.7.
The version 3.13.7 is fixed:
  https://www.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: version 3.12.15.
The version 3.12.15 is fixed:
  https://www.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: version 3.10.34.
The version 3.10.34 is fixed:
  https://www.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: version 3.4.84.
The version 3.4.84 is fixed:
  https://www.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: version 3.2.56.
The version 3.2.56 is fixed:
  https://www.kernel.org/pub/linux/kernel/v3.x/

Linux kernel: patch for mac80211.
A patch is available in information sources.

Android OS: patch 2017-04-01 and 2017-04-05.
A patch is indicated in information sources.

Mandriva BS: new kernel packages.
New packages are available:
  Mandriva BS1: kernel 3.4.93-1.1.mbs1

openSUSE 11.4: new kernel packages (29/09/2014).
New packages are available:
  openSUSE 11.4: kernel 3.0.101-91.1

Red Hat Enterprise MRG 2.5: new kernel-rt packages.
New packages are available:
  RHEL 6: kernel-rt 3.10.33-rt32.34.el6rt

RHEL 6.4: new kernel packages.
New packages are available:
  RHEL 6: kernel 2.6.32-358.48.1.el6

RHEL 6: new kernel packages.
New packages are available:
  RHEL 6: kernel 2.6.32-431.23.3.el6

RHEL 7: new kernel packages.
New packages are available:
  RHEL 7: kernel 3.10.0-123.6.3.el7

SUSE LE 11 SP2: new kernel packages.
New packages are available:
  SUSE LE 11: kernel 3.0.101-0.7.23.1

SUSE LE 11 SP3: new kernel packages (23/10/2014).
New packages are available:
  SUSE LE 11: kernel default-3.0.101-0.40.1
This update also includes some kernel modules packages.

Ubuntu 12.04 LTS: new linux-image-3.11.0-22-generic packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.11.0-22-generic 3.11.0-22.38~precise1

Ubuntu 12.04 LTS: new linux-image-3.2.0-1446-omap4 packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.2.0-1446-omap4 3.2.0-1446.65

Ubuntu 12.04 LTS: new linux-image-3.2.0-63-generic packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.2.0-63-generic 3.2.0-63.95

Ubuntu 12.04 LTS: new linux-image-3.5.0-51-generic packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.5.0-51-generic 3.5.0-51.76~precise1

Ubuntu 12.04 LTS: new linux-image-3.8.0-41-generic packages.
New packages are available:
  Ubuntu 12.04 LTS: linux-image-3.8.0-41-generic 3.8.0-41.60~precise1

Ubuntu 13.10: new linux-image-3.11.0-22-generic packages.
New packages are available:
  Ubuntu 13.10: linux-image-3.11.0-22-generic 3.11.0-22.38
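
To compare a kernel.org (upstream) kernel version against the fixed point releases listed above, a check such as the following can be used. It is an added example, not part of the bulletin; the function name and the result labels are assumptions. Distribution kernels are reported separately because they carry backported fixes and have to be compared against the package versions listed above instead.

```shell
#!/bin/sh
# Fixed upstream point releases, copied from the bulletin's solutions list.
FIXED_RELEASES="3.13.7 3.12.15 3.10.34 3.4.84 3.2.56"

# check_mac80211_fix VERSION   (hypothetical helper name)
# Prints one of:
#   fixed         same stable branch, at or past the fixed point release
#   needs-update  same stable branch, older than the fixed point release
#   distro-build  version carries a vendor/local suffix: compare the
#                 package version with the distribution entries instead
#   unknown       branch not listed in the bulletin, or unparsable input
check_mac80211_fix() {
    case $1 in
        *[-+]*) echo distro-build; return 0 ;;
    esac
    case $1 in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%.*}
    # Reject anything that is not purely numeric after splitting.
    case $major$minor$patch in
        *[!0-9]*) echo unknown; return 0 ;;
    esac
    for fixed in $FIXED_RELEASES; do
        if [ "$major.$minor" = "${fixed%.*}" ]; then
            if [ "$patch" -ge "${fixed##*.}" ]; then
                echo fixed
            else
                echo needs-update
            fi
            return 0
        fi
    done
    echo unknown
}

# Check the version given as argument, or the running kernel by default.
check_mac80211_fix "${1:-$(uname -r)}"
```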