Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-40279: Security: Malfunction in function l2_packet_receive_timeout() · Issue #5629 · Samsung/TizenRT

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).

CVE
#vulnerability#linux#dos#samsung

Affected components

affected source code file: external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c

Attack vector(s)

Lacking a check for the return value of pcap_dispatch.
pcap_dispatch() returns the number of packets processed on success; this can be 0 if no packets were read from a live capture (if, for example, they were discarded because they didn’t pass the packet filter, or if, on platforms that support a read timeout that starts before any packets arrive, the timeout expires before any packets arrive, or if the file descriptor for the capture device is in non-blocking mode and no packets were available to be read) or if no more packets are available in a ‘’savefile.’’ It returns -1 if an error occurs or -2 if the loop terminated due to a call to pcap_breakloop() before any packets were processed. If your application uses pcap_breakloop(), make sure that you explicitly check for -1 and -2, rather than just checking for a return value < 0.

Suggested description of the vulnerability for use in the CVE

Malfunction vulnerability in l2_packet_receive_timeout() function in Samsung Electronics TizenRT latest version (and earlier) due to missing a check on the return value of pcap_dispatch().

Discoverer(s)/Credits

UVScan

Reference(s)

https://linux.die.net/man/3/pcap_dispatch

pcap_dispatch(pcap, 10, l2_packet_receive_cb, (u_char *)l2);

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907