APPLIED: [SRU][M/J/F][PATCH 0/1] CVE-2023-47233

Roxana Nicolescu roxana.nicolescu at canonical.com
Mon Apr 8 07:43:01 UTC 2024


On 03/04/2024 17:26, Bethany Jamison wrote:
> [Impact]
>
>   The brcm80211 component in the Linux kernel through 6.5.10 has a
>   brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect
>   the USB by hotplug) code. For physically proximate attackers with local
>   access, this "could be exploited in a real world scenario." This is related
>   to brcmf_cfg80211_escan_timeout_worker in
>   drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.
>
> [Fix]
>
> Mantic:	Clean cherry-pick.
> Jammy:	Mantic patch applied cleanly.
> Focal:	Backport - used del_timer_sync in place of timer_delete_sync.
> Bionic:	fix sent to esm ML
> Xenial:	fix sent to esm ML
> Trusty:	not going to be fixed by us
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use the brcm80211 driver who then disconnect
> the USB via hotplug; issues with this fix would be visible via some
> undefined behavior from the system. This fix has a fairly low risk of
> regression though the risk is slightly increased in Focal because I had
> to swap the timer deletion sync functions.
>
> Zheng Wang (1):
>    wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
>
>   drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
Applied to mantic, jammy, focal master-next branches. Thanks!


