ACK: [SRU][F][PATCH 0/1] CVE-2024-40911
Thibault Ferrante
thibault.ferrante at canonical.com
Tue Jan 7 15:10:04 UTC 2025
Acked-by: Thibault Ferrante <thibault.ferrante at canonical.com>
On 19-11-2024 12:04, Massimiliano Pellizzer wrote:
> [Impact]
>
> wifi: cfg80211: Lock wiphy in cfg80211_get_station
>
> Wiphy should be locked before calling rdev_get_station() (see lockdep
> assert in ieee80211_get_station()).
>
> This fixes a kernel NULL dereference, caused by the fact that
> STA has time to disconnect and reconnect before
> batadv_v_elp_throughput_metric_update() delayed work gets scheduled. In
> this situation, ath10k_sta_state() can be in the middle of resetting
> arsta data when the work queue gets a chance to be scheduled and ends up
> accessing it. Locking wiphy prevents that.
>
> [Fix]
>
> Oracular: Not affected
> Noble: Fixed
> Jammy: Fixed
> Focal: Backported from mainline
> Bionic: Sent to ESM ML
> Xenial: Sent to ESM ML
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The fix affects the cfg80211 subsystem. An issue with this patch may
> lead to incorrect locking behavior, which could result in deadlocks or
> kernel hangs. Users may also experience failures in wireless
> connectivity.
>
> Remi Pommarel (1):
> wifi: cfg80211: Lock wiphy in cfg80211_get_station
>
> net/wireless/util.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
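The cover letter describes a locking contract rather than showing the hunk: the driver-level accessor behind rdev_get_station() asserts (via lockdep) that the wiphy is locked, so the cfg80211 wrapper must take the lock before calling it. The following is an added user-space model of that contract, not kernel code and not the patch under review. The wiphy, station and lock are hypothetical stand-ins, the model is single-threaded, and the lockdep assert is replaced by a check that returns an error instead of splatting; it shows why the unlocked wrapper violates the contract and the locked one satisfies it, but it cannot reproduce the actual race with the batadv delayed work, which needs real concurrency.

```c
/* Added example (not Linux cfg80211 code): a single-threaded model of the
 * "caller must hold the wiphy lock" contract behind rdev_get_station().
 * All names below (struct wiphy, struct sta_info, the accessors) are
 * hypothetical stand-ins for the kernel's own. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct sta_info {
    char mac[18];
    unsigned long tx_packets;
    bool connected;
};

struct wiphy {
    bool locked;           /* stand-in for the wiphy mutex */
    struct sta_info sta;   /* a single station slot, hypothetical */
};

/* Lock/unlock: a double lock or a stray unlock is a bug in the caller,
 * so both are reported rather than silently tolerated. */
static bool wiphy_lock(struct wiphy *w) {
    if (w->locked) return false;   /* would deadlock in the kernel */
    w->locked = true;
    return true;
}

static bool wiphy_unlock(struct wiphy *w) {
    if (!w->locked) return false;  /* unlock without lock: caller bug */
    w->locked = false;
    return true;
}

/* Stand-in for lockdep_assert_wiphy(): false instead of a lockdep splat. */
static bool wiphy_lock_held(const struct wiphy *w) {
    return w->locked;
}

/* Driver-level accessor (ieee80211_get_station stand-in): the caller
 * must hold the wiphy lock, otherwise station state may be mid-reset. */
static int rdev_get_station(struct wiphy *w, const char *mac,
                            struct sta_info *out) {
    if (!wiphy_lock_held(w))
        return -1;   /* contract violated: the lockdep assert would fire */
    if (!w->sta.connected || strcmp(w->sta.mac, mac) != 0)
        return -2;   /* nothing to report, like -ENOENT */
    *out = w->sta;
    return 0;
}

/* Before the fix: wrapper calls the accessor without taking the lock. */
static int cfg80211_get_station_unlocked(struct wiphy *w, const char *mac,
                                         struct sta_info *out) {
    return rdev_get_station(w, mac, out);
}

/* After the fix: wrapper takes the wiphy lock around the call. */
static int cfg80211_get_station_locked(struct wiphy *w, const char *mac,
                                       struct sta_info *out) {
    int ret;
    wiphy_lock(w);
    ret = rdev_get_station(w, mac, out);
    wiphy_unlock(w);
    return ret;
}

/* Driver state changes (ath10k_sta_state stand-in) run under the same
 * lock, so a reader holding it never sees a half-reset station. */
static void sta_disconnect(struct wiphy *w) {
    wiphy_lock(w);
    memset(&w->sta, 0, sizeof w->sta);   /* connected = false, mac cleared */
    wiphy_unlock(w);
}

static void sta_connect(struct wiphy *w, const char *mac) {
    wiphy_lock(w);
    strncpy(w->sta.mac, mac, sizeof w->sta.mac - 1);
    w->sta.mac[sizeof w->sta.mac - 1] = '\0';
    w->sta.connected = true;
    wiphy_unlock(w);
}

/* Scenario: connect, read without the lock (contract violation), read
 * with the lock, disconnect, read again. Returns a bitmask of the steps
 * that behaved as expected: 1 = unlocked read rejected, 2 = locked read
 * found the station, 4 = locked read after disconnect reports no entry. */
static unsigned run_scenario(void) {
    struct wiphy w;
    struct sta_info s;
    const char *mac = "02:00:00:00:00:01";   /* constructed sample address */
    unsigned ok = 0;
    memset(&w, 0, sizeof w);
    sta_connect(&w, mac);
    if (cfg80211_get_station_unlocked(&w, mac, &s) == -1) ok |= 1;
    if (cfg80211_get_station_locked(&w, mac, &s) == 0 && s.connected) ok |= 2;
    sta_disconnect(&w);
    if (cfg80211_get_station_locked(&w, mac, &s) == -2) ok |= 4;
    return ok;
}

int main(void) {
    unsigned ok = run_scenario();
    printf("unlocked read rejected: %s\n", (ok & 1) ? "yes" : "no");
    printf("locked read succeeded:  %s\n", (ok & 2) ? "yes" : "no");
    printf("read after disconnect:  %s\n", (ok & 4) ? "no entry" : "unexpected");
    return ok == 7 ? 0 : 1;
}
```

The point of the assert-in-the-accessor pattern is that a caller which forgets the lock fails loudly and deterministically, rather than only when the delayed work happens to race a disconnect; when backporting to Focal it is worth confirming that the accessor the wrapper calls actually carries such an assert in that tree, otherwise the mistake stays silent.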