APPLIED: [SRU][F/J][PATCH v2 0/2] CVE-2024-56599
Mehmet Basaran
mehmet.basaran at canonical.com
Wed Apr 9 18:40:18 UTC 2025
Applied to focal:linux, jammy:linux master-next branches. Thanks.
-------------- next part --------------
Abdur Rahman <abdur.rahman at canonical.com> writes:
> This patch fixes use-after-free error in the Atheros 10k wireless driver. Due
> to CONFIG_INIT_ON_FREE_DEFAULT_ON, pointers of struct cfg80211_registered_device
> *rdev are set to NULL in the ath10k_core_destroy() function. Then
> destroy_workqueue() uses the pointer and kernel panic happens.
>
> [Backport]
>
> Oracular: Fixed
> Noble: Fixed
> Jammy: Patch sent to ML
> Focal: Patch sent to ML
> Bionic: Not affected
> Xenial: Not affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> Since this is a minor change with respect to a Atheros 10k driver, errors may be
> caused in any devices using this driver. Error may cause unpredictable behavior or
> crash.
>
> [Other Info]
>
> Changes between v1 and v2:
> Modified commit messages to explain what changes were made in backport of the
> patches.
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250409/baa743fe/attachment.sig>
More information about the kernel-team
mailing list