APPLIED: [SRU][F][PATCH 0/1] CVE-2024-40911
Mehmet Basaran
mehmet.basaran at canonical.com
Mon Jan 13 06:21:40 UTC 2025
Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com> writes:
> [Impact]
>
> wifi: cfg80211: Lock wiphy in cfg80211_get_station
>
> Wiphy should be locked before calling rdev_get_station() (see lockdep
> assert in ieee80211_get_station()).
>
> This fixes a kernel NULL dereference, caused by the fact that
> STA has time to disconnect and reconnect before
> batadv_v_elp_throughput_metric_update() delayed work gets scheduled. In
> this situation, ath10k_sta_state() can be in the middle of resetting
> arsta data when the work queue gets a chance to be scheduled and ends up
> accessing it. Locking wiphy prevents that.
>
> [Fix]
>
> Oracular: Not affected
> Noble: Fixed
> Jammy: Fixed
> Focal: Backported from mainline
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The fix affects the cfg80211 subsystem. An issue with this patch may
> lead to incorrect locking behavior, which could result in deadlocks or
> kernel hangs. Users may also experience failures in wireless
> connectivity.
>
> Remi Pommarel (1):
> wifi: cfg80211: Lock wiphy in cfg80211_get_station
>
> net/wireless/util.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> --
> 2.43.0
Applied to focal:linux master-next branch. Thanks!