| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024122727-CVE-2024-56543-a959@gregkh> Date: Fri, 27 Dec 2024 15:11:34 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-56543: wifi: ath12k: Skip Rx TID cleanup for self peer Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Skip Rx TID cleanup for self peer During peer create, dp setup for the peer is done where Rx TID is updated for all the TIDs. Peer object for self peer will not go through dp setup. When core halts, dp cleanup is done for all the peers. While cleanup, rx_tid::ab is accessed which causes below stack trace for self peer. WARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851 Call Trace: __warn+0x7b/0x1a0 ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] report_bug+0x10b/0x200 handle_bug+0x3f/0x70 exc_invalid_op+0x13/0x60 asm_exc_invalid_op+0x16/0x20 ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] ath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k] ath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k] ath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k] ath12k_core_halt+0x3b/0x100 [ath12k] ath12k_core_reset+0x494/0x4c0 [ath12k] sta object in peer will be updated when remote peer is created. Hence use peer::sta to detect the self peer and skip the cleanup. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 The Linux kernel CVE team has assigned CVE-2024-56543 to this issue. Affected and fixed versions =========================== Issue introduced in 6.3 with commit d889913205cf7ebda905b1e62c5867ed4e39f6c2 and fixed in 6.6.64 with commit d73da0dd2853887b7aab71f0d572fd3314dafafe Issue introduced in 6.3 with commit d889913205cf7ebda905b1e62c5867ed4e39f6c2 and fixed in 6.11.11 with commit a1e2d6738b29c74c2024eb23167dfff68aadd984 Issue introduced in 6.3 with commit d889913205cf7ebda905b1e62c5867ed4e39f6c2 and fixed in 6.12.2 with commit a052483d495a4dc62c814f2fd17d0ceb308fc6a6 Issue introduced in 6.3 with commit d889913205cf7ebda905b1e62c5867ed4e39f6c2 and fixed in 6.13-rc1 with commit 1a0c640ce1cdcde3eb131a0c1e70ca1ed7cf27cb Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-56543 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/ath/ath12k/mac.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d73da0dd2853887b7aab71f0d572fd3314dafafe https://git.kernel.org/stable/c/a1e2d6738b29c74c2024eb23167dfff68aadd984 https://git.kernel.org/stable/c/a052483d495a4dc62c814f2fd17d0ceb308fc6a6 https://git.kernel.org/stable/c/1a0c640ce1cdcde3eb131a0c1e70ca1ed7cf27cb
Powered by blists - more mailing lists