ACK: [SRU][N][PATCH 0/1] CVE-2025-21729
Alessio Faina
alessio.faina at canonical.com
Fri Oct 10 07:59:57 UTC 2025
On Tue, Oct 07, 2025 at 04:55:51PM -0400, Alice C. Munduruca wrote:
> [ Impact ]
>
> A Use After Free bug is possible in `rtw89`, as the check for whether the
> device is scanning can race with scan completion, leading to the attribute
> `hw_scan_req` being freed as the scan completes and before it is accessed
> in the function `rtw89_ops_cancel_hw_scan`. As such, protect this code path
> with a mutex so that a race cannot occur.
>
> [ Fix ]
>
> noble: backported from upstream patch --
> added label `out` and applied, removing the dependence on upstream context.
>
> [ Tests ]
>
> Compile and boot tested.
>
> [ Where problems could occur ]
>
> Given that the change consists of protecting a check with an already existing
> mutex, there is little risk of regressions.
>
> Ping-Ke Shih (1):
> wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
>
> drivers/net/wireless/realtek/rtw89/mac80211.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> --
> 2.51.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Alessio Faina <alessio.faina at canonical.com>
More information about the kernel-team
mailing list