WSL2-Linux-Kernel/net
Johannes Berg b79110f2bf wifi: mac80211: fix use-after-free in chanctx code
commit 2965c4cdf7 upstream.

In ieee80211_vif_use_reserved_context(), when we have an
old context and the new context's replace_state is set to
IEEE80211_CHANCTX_REPLACE_NONE, we free the old context
in ieee80211_vif_use_reserved_reassign(). Therefore, we
cannot check the old_ctx anymore, so we should set it to
NULL after this point.

However, since the new_ctx replace state is clearly not
IEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do
anything else in this function and can just return to
avoid accessing the freed old_ctx.

Cc: stable@vger.kernel.org
Fixes: 5bcae31d9c ("mac80211: implement multi-vif in-place reservations")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/20220601091926.df419d91b165.I17a9b3894ff0b8323ce2afdb153b101124c821e5@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-06-09 10:23:18 +02:00
6lowpan
9p xen/9p: use alloc/free_pages_exact() 2022-03-11 12:22:36 +01:00
802
8021q net: vlan: fix underflow for the real_dev refcnt 2021-12-01 09:04:53 +01:00
appletalk
atm
ax25 ax25: Fix UAF bugs in ax25 timers 2022-04-20 09:34:22 +02:00
batman-adv batman-adv: Don't skb_split skbuffs with frag_list 2022-05-18 10:26:47 +02:00
bluetooth Bluetooth: use hdev lock for accept_list and reject_list in conn req 2022-06-09 10:22:58 +02:00
bpf bpf: Make remote_port field in struct bpf_sk_lookup 16-bit wide 2022-04-13 20:59:25 +02:00
bpfilter
bridge net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. 2022-05-25 09:57:34 +02:00
caif net-caif: avoid user-triggerable WARN_ON(1) 2021-09-14 12:51:15 +01:00
can can: isotp: remove re-binding of bound socket 2022-05-12 12:30:09 +02:00
ceph libceph: fix potential use-after-free on linger ping and resends 2022-05-25 09:57:28 +02:00
core net: remove two BUG() from skb_checksum_help() 2022-06-09 10:22:36 +02:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-08 19:12:52 +01:00
dccp tcp: switch orphan_count to bare per-cpu counters 2021-11-18 19:16:33 +01:00
decnet
dns_resolver
dsa net: dsa: Add missing of_node_put() in dsa_port_link_register_of 2022-05-09 09:14:34 +02:00
ethernet
ethtool ethtool: do not perform operations on net devices being unregistered 2021-12-14 10:57:09 +01:00
hsr
ieee802154 net: ieee802154: Return meaningful error codes from the netlink helpers 2022-02-08 18:34:09 +01:00
ife
ipv4 xfrm: fix "disable_policy" flag use when arriving from different devices 2022-05-25 09:57:30 +02:00
ipv6 ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL 2022-06-09 10:22:35 +02:00
iucv
kcm
key net: af_key: check encryption module availability consistency 2022-06-06 08:43:36 +02:00
l2tp net/l2tp: Fix reference count leak in l2tp_udp_recv_core 2021-09-09 11:00:20 +01:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-27 14:38:53 +02:00
lapb
llc llc: only change llc->dev when bind() succeeds 2022-03-28 09:58:46 +02:00
mac80211 wifi: mac80211: fix use-after-free in chanctx code 2022-06-09 10:23:18 +02:00
mac802154 ieee802154: Remove redundant initialization of variable ret 2021-09-07 14:06:08 +01:00
mctp mctp: Fix check for dev_hard_header() result 2022-04-13 20:59:16 +02:00
mpls net: mpls: Fix notifications when deleting a device 2021-12-08 09:04:47 +01:00
mptcp mptcp: reset the packet scheduler on PRIO change 2022-06-09 10:22:46 +02:00
ncsi net/ncsi: check for error return from call to nla_put_u32 2022-01-05 12:42:37 +01:00
netfilter netfilter: nf_tables: double hook unregistration in netns path 2022-06-06 08:43:38 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-04-13 20:59:10 +02:00
netlink netlink: do not reset transport header in netlink_recvmsg() 2022-05-18 10:26:49 +02:00
netrom netrom: fix api breakage in nr_setsockopt() 2022-01-27 11:04:00 +01:00
nfc NFC: NULL out the dev->rfkill to prevent UAF 2022-06-09 10:22:46 +02:00
nsh
openvswitch netfilter: conntrack: convert to refcount_t api 2022-04-27 14:39:01 +02:00
packet net/packet: fix packet_sock xmit return value checking 2022-04-27 14:38:53 +02:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:35:16 +01:00
psample
qrtr net: qrtr: revert check in qrtr_endpoint_post() 2021-09-02 11:37:02 +01:00
rds rds: memory leak in __rds_conn_create() 2021-12-22 09:32:42 +01:00
rfkill rfkill: make new event layout opt-in 2022-04-08 14:23:00 +02:00
rose
rxrpc rxrpc: Fix decision on when to generate an IDLE ACK 2022-06-09 10:23:02 +02:00
sched net/sched: act_pedit: sanitize shift argument before usage 2022-05-25 09:57:30 +02:00
sctp sctp: read sk->sk_bound_dev_if once in sctp_rcv() 2022-06-09 10:22:59 +02:00
smc net/smc: postpone sk_refcnt increment in connect() 2022-06-09 10:23:03 +02:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-18 19:17:11 +01:00
sunrpc SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() 2022-05-18 10:26:57 +02:00
switchdev
tipc tipc: fix the timer expires after interval 100ms 2022-04-08 14:23:43 +02:00
tls tls: Fix context leak on tls_device_down 2022-05-18 10:26:51 +02:00
unix af_unix: Support POLLPRI for OOB. 2022-04-08 14:24:14 +02:00
vmw_vsock vsock/virtio: enable VQs early on probe 2022-04-08 14:23:51 +02:00
wireless nl80211: don't hold RTNL in color change request 2022-06-09 10:22:53 +02:00
x25 net/x25: Fix null-ptr-deref caused by x25_disconnect 2022-04-08 14:23:53 +02:00
xdp xsk: Fix l2fwd for copy mode + busy poll combo 2022-05-09 09:14:32 +02:00
xfrm xfrm: rework default policy structure 2022-05-25 09:57:30 +02:00
Kconfig
Makefile
compat.c
devres.c
socket.c net: fix SOF_TIMESTAMPING_BIND_PHC to work with multiple sockets 2022-01-27 11:03:52 +01:00
sysctl_net.c