ACK/Cmnt: [SRU][F/J][PATCH v2 0/2] CVE-2024-56599
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Wed Apr 9 06:12:23 UTC 2025
On Tue, 8 Apr 2025 at 17:44, Abdur Rahman <abdur.rahman at canonical.com> wrote:
>
> This patch fixes use-after-free error in the Atheros 10k wireless driver. Due
> to CONFIG_INIT_ON_FREE_DEFAULT_ON, pointers of struct cfg80211_registered_device
> *rdev are set to NULL in the ath10k_core_destroy() function. Then
> destroy_workqueue() uses the pointer and kernel panic happens.
>
> [Backport]
>
> Oracular: Fixed
> Noble: Fixed
> Jammy: Patch sent to ML
> Focal: Patch sent to ML
> Bionic: Not affected
> Xenial: Not affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> Since this is a minor change with respect to a Atheros 10k driver, errors may be
> caused in any devices using this driver. Error may cause unpredictable behavior or
> crash.
>
> [Other Info]
>
> Changes between v1 and v2:
> Modified commit messages to explain what changes were made in backport of the
> patches.
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
The patch looks good.
Just remember to use the [Impact] header in the next cover letter.
Acked-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
--
Massimiliano Pellizzer
More information about the kernel-team
mailing list