lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <173402817940.3419904.18252047613958190039.b4-ty@oss.qualcomm.com>
Date: Thu, 12 Dec 2024 10:29:39 -0800
From: Jeff Johnson <jeff.johnson@....qualcomm.com>
To: Kalle Valo <kvalo@...nel.org>, Jeff Johnson <jjohnson@...nel.org>,
        Rameshkumar Sundaram <quic_ramess@...cinc.com>,
        Sriram R <quic_srirrama@...cinc.com>,
        Aditya Kumar Singh <quic_adisi@...cinc.com>
Cc: Kalle Valo <quic_kvalo@...cinc.com>,
        Jeff Johnson <quic_jjohnson@...cinc.com>,
        linux-wireless@...r.kernel.org, ath12k@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] wifi: ath12k: fix read pointer after free in
 ath12k_mac_assign_vif_to_vdev()


On Tue, 10 Dec 2024 10:56:33 +0530, Aditya Kumar Singh wrote:
> In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different
> radio, it gets deleted from that radio through a call to
> ath12k_mac_unassign_link_vif(). This action frees the arvif pointer.
> Subsequently, there is a check involving arvif, which will result in a
> read-after-free scenario.
> 
> Fix this by moving this check after arvif is again assigned via call to
> ath12k_mac_assign_link_vif().
> 
> [...]

Applied, thanks!

[1/1] wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
      commit: 5a10971c7645a95f5d5dc23c26fbac4bf61801d0

Best regards,
-- 
Jeff Johnson <jeff.johnson@....qualcomm.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ