[SRU][F][PATCH 0/1] CVE-2024-40911
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Tue Nov 19 11:04:03 UTC 2024
[Impact]
wifi: cfg80211: Lock wiphy in cfg80211_get_station
Wiphy should be locked before calling rdev_get_station() (see lockdep
assert in ieee80211_get_station()).
This fixes a kernel NULL dereference, caused by the fact that
STA has time to disconnect and reconnect before
batadv_v_elp_throughput_metric_update() delayed work gets scheduled. In
this situation, ath10k_sta_state() can be in the middle of resetting
arsta data when the work queue gets a chance to be scheduled and ends up
accessing it. Locking wiphy prevents that.
[Fix]
Oracular: Not affected
Noble: Fixed
Jammy: Fixed
Focal: Backported from mainline
Bionic: Sent to ESM ML
Xenial: Sent to ESM ML
[Test Case]
Compile and boot tested.
[Where problems could occur]
The fix affects the cfg80211 subsystem. An issue with this patch may
lead to incorrect locking behavior, which could result in deadlocks or
kernel hangs. Users may also experience failures in wireless
connectivity.
Remi Pommarel (1):
wifi: cfg80211: Lock wiphy in cfg80211_get_station
net/wireless/util.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--
2.43.0
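
Added example, not part of the original message or of the kernel patch: a userspace pthread model of the race described under [Impact], run once without and once with the reader taking the lock. The names sta, reset(), get_station(), wiphy_mtx and run_model() are hypothetical stand-ins, and the model assumes the reset path already runs under the lock the fixed reader takes.

```c
/* Userspace model (constructed; every name is hypothetical, not kernel code).
 * Assumes the reset path runs under the same lock the fixed reader takes. */
#include <pthread.h>
#include <semaphore.h>
#include <stddef.h>

struct stats { int tx_rate; };
static struct stats backing = { 54 };
static struct stats *sta;            /* NULL while a reset is in progress */
static pthread_mutex_t wiphy_mtx = PTHREAD_MUTEX_INITIALIZER;
static sem_t mid_reset, reader_done;
static int use_lock, saw_null;

static void *reset(void *arg)        /* writer: disconnect, then reconnect */
{
    (void)arg;
    pthread_mutex_lock(&wiphy_mtx);
    sta = NULL;                      /* station data torn down */
    sem_post(&mid_reset);            /* release the reader exactly mid-reset */
    if (!use_lock) sem_wait(&reader_done);  /* force the bad interleaving */
    sta = &backing;                  /* station data rebuilt */
    pthread_mutex_unlock(&wiphy_mtx);
    return NULL;
}

static void *get_station(void *arg)  /* reader: stands in for the delayed work */
{
    (void)arg;
    sem_wait(&mid_reset);
    if (use_lock) pthread_mutex_lock(&wiphy_mtx);  /* blocks until reset is done */
    saw_null = (sta == NULL);        /* the kernel would dereference here */
    if (use_lock) pthread_mutex_unlock(&wiphy_mtx);
    sem_post(&reader_done);
    return NULL;
}

/* Returns 1 if the reader observed the half-reset (NULL) state, else 0. */
int run_model(int locked)
{
    pthread_t w, r;
    use_lock = locked; saw_null = 0; sta = &backing;
    sem_init(&mid_reset, 0, 0); sem_init(&reader_done, 0, 0);
    pthread_create(&w, NULL, reset, NULL);
    pthread_create(&r, NULL, get_station, NULL);
    pthread_join(w, NULL); pthread_join(r, NULL);
    sem_destroy(&mid_reset); sem_destroy(&reader_done);
    return saw_null;
}

int main(void) { return !(run_model(0) == 1 && run_model(1) == 0); }
```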