APPLIED: [SRU][M][PATCH 0/1] CVE-2024-26694
Roxana Nicolescu
roxana.nicolescu at canonical.com
Thu Apr 25 14:58:52 UTC 2024
On 19/04/2024 19:42, Bethany Jamison wrote:
> [Impact]
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> wifi: iwlwifi: fix double-free bug
>
> The storage for the TLV PC register data wasn't done like all
> the other storage in the drv->fw area, which is cleared at the
> end of deallocation. Therefore, the freeing must also be done
> differently, explicitly NULL'ing it out after the free, since
> otherwise there's a nasty double-free bug here if a file fails
> to load after this has been parsed, and we get another free
> later (e.g. because no other file exists.) Fix that by adding
> the missing NULL assignment.
>
> [Fix]
>
> Mantic: Clean cherry-pick from linux-6.7.y
> Jammy: not-affected
> Focal: not-affected
> Bionic: not-affected
> Xenial: not-affected
> Trusty: not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use iwlwifi (intel wireless wifi), an
> issue with this fix would be visable to the user via unpredicted
> system behavior or a system crash.
>
> Johannes Berg (1):
> wifi: iwlwifi: fix double-free bug
>
> drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 1 +
> 1 file changed, 1 insertion(+)
>
I added the CVE no to the commit that was cherry-picked from stable.
More information about the kernel-team
mailing list