[SRU][F/J][PATCH 0/2] CVE-2024-56599
Abdur Rahman
abdur.rahman at canonical.com
Mon Apr 7 19:26:42 UTC 2025
This patch fixes use-after-free error in the Atheros 10k wireless driver. Due
to CONFIG_INIT_ON_FREE_DEFAULT_ON, pointers of struct cfg80211_registered_device
*rdev are set to NULL in the ath10k_core_destroy() function. Then
destroy_workqueue() uses the pointer and kernel panic happens.
[Backport]
Oracular: Fixed
Noble: Fixed
Jammy: Patch sent to ML
Focal: Patch sent to ML
Bionic: Not affected
Xenial: Not affected
[Test Case]
Compile and boot tested.
[Where problems could occur]
Since this is a minor change with respect to a Atheros 10k driver, errors may be
caused in any devices using this driver. Error may cause unpredictable behavior or
crash.
More information about the kernel-team
mailing list