Vigil@nce: Linux kernel, denial of service of mac80211
December 2009 by Vigil@nce
An attacker can send malicious 802.11 packets, in order to stop
the system.
– Severity: 2/4
– Consequences: denial of service of service
– Provenance: radio connection
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/12/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The standard IEEE 802.11-2007 defines frames ADDBA (Add Block ACK)
and DELBA (Delete Block ACK) to manage multicast communications.
When the ieee80211_sta_stop_rx_ba_session() function of the
net/mac80211/agg-rx.c file handles a malformed DELBA frame, it
calls the BUG_ON() macro, which stops the kernel.
An attacker can therefore send malicious 802.11 packets, in order
to stop the system.
CHARACTERISTICS
– Identifiers: CVE-2009-4026, CVE-2009-4027, VIGILANCE-VUL-9260
– Url: http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-of-mac80211-9260