NACK: [SRU][F/J][PATCH 0/2] CVE-2024-56599

[Massimiliano Pellizzer]

On Mon, 7 Apr 2025 at 21:27, Abdur Rahman <abdur.rahman at canonical.com> wrote:
>
> This patch fixes use-after-free error in the Atheros 10k wireless driver. Due
> to CONFIG_INIT_ON_FREE_DEFAULT_ON, pointers of struct cfg80211_registered_device
> *rdev are set to NULL in the ath10k_core_destroy() function. Then
> destroy_workqueue() uses the pointer and kernel panic happens.
>
> [Backport]
>
> Oracular: Fixed
> Noble: Fixed
> Jammy: Patch sent to ML
> Focal: Patch sent to ML
> Bionic: Not affected
> Xenial: Not affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> Since this is a minor change with respect to a Atheros 10k driver, errors may be
> caused in any devices using this driver. Error may cause unpredictable behavior or
> crash.
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Commit:
- 95c38953cb1ec wifi: ath10k: avoid NULL pointer error during sdio remove
is a mainline commit which landed in v6.13-rc1, therefore there is no need
to specify 'linux-x.x.y' in the line:
(backported from commit 95c38953cb1ecf40399a676a1f85dfe2b5780a9a 6.14.y)
after the commit hash.

When backporting a patch (therefore modifying the original commit) it
is necessary to specify
how you modified it using the following format:
(backported from commit 95c38953cb1ecf40399a676a1f85dfe2b5780a9a)
[<username>: explanation...]
In this patchset there is an explanation after a cherry pick and no
explanation after a backport.

Please send a v2 addressing these issues.
Useful resources are:
- https://canonical-kernel-docs.readthedocs-hosted.com/en/latest/reference/patch-acceptance-criteria/
- https://canonical-kernel-docs.readthedocs-hosted.com/en/latest/reference/stable-patch-format/
Thanks

-- 
Massimiliano Pellizzer