Search Linux Wireless

Re: [PATCH] iwlwifi: fix use-after-free

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:

> From: Johannes Berg <johannes.berg@xxxxxxxxx>
> 
> If no firmware was present at all (or, presumably, all of the
> firmware files failed to parse), we end up unbinding by calling
> device_release_driver(), which calls remove(), which then in
> iwlwifi calls iwl_drv_stop(), freeing the 'drv' struct. However
> the new code I added will still erroneously access it after it
> was freed.
> 
> Set 'failure=false' in this case to avoid the access, all data
> was already freed anyway.
> 
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Stefan Agner <stefan@xxxxxxxx>
> Reported-by: Wolfgang Walter <linux@xxxxxxx>
> Reported-by: Jason Self <jason@xxxxxxxxxxxx>
> Reported-by: Dominik Behr <dominik@xxxxxxxxxxxxxxx>
> Reported-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
> Fixes: ab07506b0454 ("iwlwifi: fix leaks/bad data after failed firmware load")
> Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>

Patch applied to wireless.git, thanks.

bea2662e7818 iwlwifi: fix use-after-free

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/20220208114728.e6b514cf4c85.Iffb575ca2a623d7859b542c33b2a507d01554251@changeid/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches




[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux