lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0b376fdcc68442f7b41268bb26cce73e@realtek.com>
Date: Thu, 27 Nov 2025 06:37:09 +0000
From: Ping-Ke Shih <pkshih@...ltek.com>
To: alex bestoso <alexbestoso@...tosotech.com>
CC: "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: Bug Report - Rtlwifi

alex bestoso <alexbestoso@...tosotech.com> wrote:
> Bug Description : 
>     Index out of range. Problem happens on it's own after being connected to a network for a short while.
> 
> Error message : 
>     UBSAN: array-index-out-of-bounds in drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c:514:30
>     [  454.351041] index 10 is out of range for type 'rtl_tid_data [9]'
> 
> Kernel Version : 
>     6.18.0-rc6+
> 
> Suggested Solution: 
>     change the file drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c from 
> 
>     513     tid = ieee80211_get_tid(hdr);
>     514     agg_state = sta_entry->tids[tid].agg.agg_state;
>     515     ampdu_density = sta->deflink.ht_cap.ampdu_density;
> 
>     to
> 
>     513     tid = ieee80211_get_tid(hdr);
>     514     if(tid < MAX_TID_COUNT)
>     515         agg_state = sta_entry->tids[tid].agg.agg_state;
>     516     ampdu_density = sta->deflink.ht_cap.ampdu_density;

This change is fine to me. Can you send a patch?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ