[SRU][M][PATCH 0/1] CVE-2024-26694
Bethany Jamison
bethany.jamison at canonical.com
Fri Apr 19 17:42:57 UTC 2024
[Impact]
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: fix double-free bug
The storage for the TLV PC register data wasn't done like all
the other storage in the drv->fw area, which is cleared at the
end of deallocation. Therefore, the freeing must also be done
differently, explicitly NULL'ing it out after the free, since
otherwise there's a nasty double-free bug here if a file fails
to load after this has been parsed, and we get another free
later (e.g. because no other file exists.) Fix that by adding
the missing NULL assignment.
[Fix]
Mantic: Clean cherry-pick from linux-6.7.y
Jammy: not-affected
Focal: not-affected
Bionic: not-affected
Xenial: not-affected
Trusty: not-affected
[Test Case]
Compile and boot tested.
[Where problems could occur]
This fix affects those who use iwlwifi (intel wireless wifi), an
issue with this fix would be visable to the user via unpredicted
system behavior or a system crash.
Johannes Berg (1):
wifi: iwlwifi: fix double-free bug
drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 1 +
1 file changed, 1 insertion(+)
--
2.34.1
More information about the kernel-team
mailing list