[PATCH ath-next] wifi: ath12k: fix uaf in ath12k_core_init()
Jeff Johnson
jeff.johnson at oss.qualcomm.com
Sat Jun 7 07:44:04 PDT 2025
On Wed, 04 Jun 2025 13:52:50 +0800, Miaoqing Pan wrote:
> When the execution of ath12k_core_hw_group_assign() or
> ath12k_core_hw_group_create() fails, the registered notifier chain is not
> unregistered properly. Its memory is freed after rmmod, which may trigger
> to a use-after-free (UAF) issue if there is a subsequent access to this
> notifier chain.
>
> Fixes the issue by calling ath12k_core_panic_notifier_unregister() in
> failure cases.
>
> [...]
Applied, thanks!
[1/1] wifi: ath12k: fix uaf in ath12k_core_init()
commit: f3fe49dbddd73f0155a8935af47cb63693069dbe
Best regards,
--
Jeff Johnson <jeff.johnson at oss.qualcomm.com>
More information about the ath12k
mailing list