APPLIED: [SRU][N][PATCH 0/1] CVE-2025-21729
Edoardo Canepa
edoardo.canepa at canonical.com
Thu Oct 16 14:02:24 UTC 2025
Applied to noble:linux/master-next. Thanks.
On 10/7/25 22:55, Alice C. Munduruca wrote:
> [ Impact ]
>
> A Use After Free bug is possible in `rtw89`, as the check for whether the
> device is scanning can race with scan completion, leading to the attribute
> `hw_scan_req` being freed as the scan completes and before it is accessed
> in the function `rtw89_ops_cancel_hw_scan`. As such, protect this code path
> with a mutex so that a race cannot occur.
>
> [ Fix ]
>
> noble: backported from upstream patch --
> added label `out` and applied, removing the dependence on upstream context.
>
> [ Tests ]
>
> Compile and boot tested.
>
> [ Where problems could occur ]
>
> Given that the change consists of protecting a check with an already existing
> mutex, there is little risk of regressions.
>
> Ping-Ke Shih (1):
> wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
>
> drivers/net/wireless/realtek/rtw89/mac80211.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x20F88172E14F6784.asc
Type: application/pgp-keys
Size: 3167 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251016/d004acac/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251016/d004acac/attachment.sig>
More information about the kernel-team
mailing list