Kalle Valo <kvalo@xxxxxxxxxxxxxx> writes:

> Antti Antinoja <antti@xxxxxxxxxxx> writes:
>
>> Please refer to:
>>
>> * https://grsecurity.net/the_life_of_a_bad_security_fix
>> * https://github.com/torvalds/linux/commit/3d94a4a8373bf5f45cf5f939e88b8354dbf2311b#diff-c5e2f17b92b8e8f30306c5dd148d874f
>>
>> At quick glance it looks to me like the issue really is there: Not
>> calling rcu_read_unlock() before return on line 237.
>
> Ganapahti, can you send a fix for this?
>
> Remember to add to the commit log:
>
> Fixes: 3d94a4a8373b ("mwifiex: fix possible heap overflow in mwifiex_process_country_ie()")

Oh, there was already a fix available:

https://patchwork.kernel.org/patch/11320227/

It just got piled up with all the patches.

--
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches