| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026021437-CVE-2026-23133-19ce@gregkh> Date: Sat, 14 Feb 2026 16:14:39 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2026-23133: wifi: ath10k: fix dma_free_coherent() pointer From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses. The Linux kernel CVE team has assigned CVE-2026-23133 to this issue. Affected and fixed versions =========================== Issue introduced in 4.16 with commit 2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 and fixed in 5.10.249 with commit e2dda298ef809aa201ea7c0904c4d064f6c497cb Issue introduced in 4.16 with commit 2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 and fixed in 5.15.199 with commit fc8da65f9fe1bc6802f8240b342cfff4f5c7e841 Issue introduced in 4.16 with commit 2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 and fixed in 6.1.162 with commit b0ad924332a96550a84b8c0ae5483e7042d65fa9 Issue introduced in 4.16 with commit 2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 and fixed in 6.6.122 with commit 1928851334ecfd6e0d663121ab69ac639d4217a6 Issue introduced in 4.16 with commit 2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 and fixed in 6.12.68 with commit 5d6fa4d2c9799c09389588da5118a72d97d87e92 Issue introduced in 4.16 with commit 2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 and fixed in 6.18.8 with commit 07f363f305793baecad41816f73056252f3df61e Issue introduced in 4.16 with commit 2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 and fixed in 6.19 with commit 9282a1e171ad8d2205067e8ec3bbe4e3cef4f29f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-23133 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/ath/ath10k/ce.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e2dda298ef809aa201ea7c0904c4d064f6c497cb https://git.kernel.org/stable/c/fc8da65f9fe1bc6802f8240b342cfff4f5c7e841 https://git.kernel.org/stable/c/b0ad924332a96550a84b8c0ae5483e7042d65fa9 https://git.kernel.org/stable/c/1928851334ecfd6e0d663121ab69ac639d4217a6 https://git.kernel.org/stable/c/5d6fa4d2c9799c09389588da5118a72d97d87e92 https://git.kernel.org/stable/c/07f363f305793baecad41816f73056252f3df61e https://git.kernel.org/stable/c/9282a1e171ad8d2205067e8ec3bbe4e3cef4f29f
Powered by blists - more mailing lists