ACK: [SRU][N][PATCH 0/1] CVE-2024-53156
Magali Lemes
magali.lemes at canonical.com
Tue Feb 11 13:21:37 UTC 2025
On 10/02/2025 14:31, Bethany Jamison wrote:
> [Impact]
>
> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
>
> There is an array index out of bounds in drivers/net/wireless/ath/ath9k/htc_hst.c
> caused by insufficient verification of conn_rsp_epid. To fix this add a range check for
> conn_rsp_epid to htc_connect_service() to prevent the bug from occurring.
>
> [Fix]
>
> Oracular: pending (6.11.0-17.17)
> Noble: Clean cherry-pick from linux-6.11.y
> Jammy: pending
> Focal: pending
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: won't fix as it is not critical
>
> [Test Case]
>
> Compile tested.
>
> [Where problems could occur]
>
> This fix affects those who use Atheros 802.11n USB chipsets,
> an issue with this fix would be visible to the user via unexpected
> system behavior.
>
> Jeongjun Park (1):
> wifi: ath9k: add range check for conn_rsp_epid in
> htc_connect_service()
>
> drivers/net/wireless/ath/ath9k/htc_hst.c | 3 +++
> 1 file changed, 3 insertions(+)
>
Acked-by: Magali Lemes <magali.lemes at canonical.com>
More information about the kernel-team
mailing list