APPLIED: [SRU][N][PATCH 0/1] CVE-2025-21729
Mehmet Basaran
mehmet.basaran at canonical.com
Fri Oct 10 20:20:58 UTC 2025
Applied to noble:linux master-next branch. Thanks.
-------------- next part --------------
"Alice C. Munduruca" <alice.munduruca at canonical.com> writes:
> [ Impact ]
>
> A Use After Free bug is possible in `rtw89`, as the check for whether the
> device is scanning can race with scan completion, leading to the attribute
> `hw_scan_req` being freed as the scan completes and before it is accessed
> in the function `rtw89_ops_cancel_hw_scan`. As such, protect this code path
> with a mutex so that a race cannot occur.
>
> [ Fix ]
>
> noble: backported from upstream patch --
> added label `out` and applied, removing the dependence on upstream context.
>
> [ Tests ]
>
> Compile and boot tested.
>
> [ Where problems could occur ]
>
> Given that the change consists of protecting a check with an already existing
> mutex, there is little risk of regressions.
>
> Ping-Ke Shih (1):
> wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
>
> drivers/net/wireless/realtek/rtw89/mac80211.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> --
> 2.51.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251010/c137c9ef/attachment.sig>
More information about the kernel-team
mailing list