[SRU][M][PATCH 0/1] CVE-2024-26694
Jacob Martin
jacob.martin at canonical.com
Tue Apr 23 13:44:19 UTC 2024
It looks like Mantic received this patch from the upstream stable
patchset dated 2024-04-16:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2061814
Jacob
On 4/19/24 12:42 PM, Bethany Jamison wrote:
> [Impact]
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> wifi: iwlwifi: fix double-free bug
>
> The storage for the TLV PC register data wasn't done like all
> the other storage in the drv->fw area, which is cleared at the
> end of deallocation. Therefore, the freeing must also be done
> differently, explicitly NULL'ing it out after the free, since
> otherwise there's a nasty double-free bug here if a file fails
> to load after this has been parsed, and we get another free
> later (e.g. because no other file exists.) Fix that by adding
> the missing NULL assignment.
>
> [Fix]
>
> Mantic: Clean cherry-pick from linux-6.7.y
> Jammy: not-affected
> Focal: not-affected
> Bionic: not-affected
> Xenial: not-affected
> Trusty: not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use iwlwifi (intel wireless wifi), an
> issue with this fix would be visable to the user via unpredicted
> system behavior or a system crash.
>
> Johannes Berg (1):
> wifi: iwlwifi: fix double-free bug
>
> drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 1 +
> 1 file changed, 1 insertion(+)
>
More information about the kernel-team
mailing list