{"id":"CVE-2024-43841","summary":"wifi: virt_wifi: avoid reporting connection success with wrong SSID","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: virt_wifi: avoid reporting connection success with wrong SSID\n\nWhen user issues a connection with a different SSID than the one\nvirt_wifi has advertised, the __cfg80211_connect_result() will\ntrigger the warning: WARN_ON(bss_not_found).\n\nThe issue is because the connection code in virt_wifi does not\ncheck the SSID from user space (it only checks the BSSID), and\nvirt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS\neven if the SSID is different from the one virt_wifi has advertised.\nEventually cfg80211 won't be able to find the cfg80211_bss and generate\nthe warning.\n\nFixed it by checking the SSID (from user space) in the connection code.","modified":"2026-05-18T05:58:57.186416172Z","published":"2024-08-17T09:21:56.517Z","related":["SUSE-SU-2024:3190-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3209-1","SUSE-SU-2024:3383-1","SUSE-SU-2024:3483-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43841.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/05c4488a0e446c6ccde9f22b573950665e1cd414"},{"type":"WEB","url":"https://git.kernel.org/stable/c/36e92b5edc8e0daa18e9325674313802ce3fbc29"},{"type":"WEB","url":"https://git.kernel.org/stable/c/416d3c1538df005195721a200b0371d39636e05d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/93e898a264b4e0a475552ba9f99a016eb43ef942"},{"type":"WEB","url":"https://git.kernel.org/stable/c/994fc2164a03200c3bf42fb45b3d49d9d6d33a4d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d3cc85a10abc8eae48988336cdd3689ab92581b3"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43841.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-43841"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c7cdba31ed8b87526db978976392802d3f93110c"},{"fixed":"994fc2164a03200c3bf42fb45b3d49d9d6d33a4d"},{"fixed":"05c4488a0e446c6ccde9f22b573950665e1cd414"},{"fixed":"93e898a264b4e0a475552ba9f99a016eb43ef942"},{"fixed":"d3cc85a10abc8eae48988336cdd3689ab92581b3"},{"fixed":"36e92b5edc8e0daa18e9325674313802ce3fbc29"},{"fixed":"416d3c1538df005195721a200b0371d39636e05d"},{"fixed":"b5d14b0c6716fad7f0c94ac6e1d6f60a49f985c7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43841.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.0.0"},{"fixed":"5.4.282"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.224"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.165"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.103"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.44"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.10.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43841.json"}}],"schema_version":"1.7.5"}