ACK/Cmnt: [SRU][J][PATCH v4 0/3] CVE-2023-52593

Stefan Bader stefan.bader at canonical.com
Tue Aug 19 13:07:22 UTC 2025 

On 07.08.25 17:17, alice.munduruca at canonical.com wrote:
> From: "Alice C. Munduruca" <alice.munduruca at canonical.com>
> 
> v2 -> change `cherry-picked from` to `backported from` with added
>        notes concerning the changes. Changed the `Where problems could
>        occur` section as previous was incorrect.
> v3 -> added this changelog to document version changes.
> v4 -> added missing commits d2b2beb94 and 4bda7e3e9 that fix memory
>        and functionality bugs within the patched wifi driver.
> 
> [ Impact ]
> 
> No check is made in `wfx_set_mfp_ap` in case the function
> `ieee80211_beacon_get` returns a null pointer in case of error.
> As a result, we add a check to ensure a null pointer dereference
> does not occur. Additional commits address lack of memory management
> and consideration for a typical non-invalid state which was
> mishandled.
> 
> [ Fix ]
> 
> Jammy: Backported from torvalds/linux --
>         `wfx_hif_set_mfp` was changed to the applicable
>         `hif_set_mfp` given the lack of namespacing prior
>         to commit fcd6c0f9a12369ae6d500d747e668ed98ef5edd6.
> 
> [ Test Plan ]
> 
> Compile and boot tested, since no hardware is available.
> 
> [ Where problems could occur ]
> 
> It's possible that the additional checks (although some are marked
> with the unlikely macro) could result in performance degradations
> should the function be called sufficiently often.
> 
> Dmitry Antipov (1):
>    wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
> 
>   drivers/staging/wfx/sta.c | 43 +++++++++++++++++++++++----------------
>   1 file changed, 25 insertions(+), 18 deletions(-)
> 
Patch 2/3 is not a direct pre-req for 3/3. However it relates to a 
change which seems to be included with upstream v5.15. So for review it 
would be good to explain the reasons to include it in the cover email. 
As each iteration is a separate thread, discussions in v1 or v2 are lost 
in time.

Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250819/dbe7f66b/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250819/dbe7f66b/attachment-0001.sig>

More information about the kernel-team mailing list