DoS vulnerability remedied in Linux kernel
Version 2.6.23 of the Linux kernel remedies a vulnerability in its 80211 WLAN code. A flaw in the function ieee80211_rx in net/ieee80211/ieee80211_rx.c can allow specially crafted WLAN frames to provoke a kernel panic if the IEEE80211_STYPE_QOS_DATA flag is set. Attackers need only send a manipulated frame to a PC or the victim's desktop.
However, few WLAN drivers use the code because they generally have their own. Back in April 2006, the IEEE80211 subsystem adopted in Linux 2.6.14 was dropped as the base framework for various wireless drivers. The kernel's new WLAN stack is called mac80211.
But older notebooks with Centrino chipsets may still use the old WLAN stack. Nevertheless, the kernel developers say that the WLAN card or the chip's firmware would first have to let the specially crafted WLAN packet in for the flaw to even be relevant. It is not clear which, if any, cards do so.
- [IEEE80211]: avoid integer underflow for runt rx frames, security advisory at Kernel.org
(mba)