Bug 1225001 (CVE-2023-52769) - VUL-0: CVE-2023-52769: kernel: wifi: ath12k: fix htt mlo-offset event locking
Summary: VUL-0: CVE-2023-52769: kernel: wifi: ath12k: fix htt mlo-offset event locking
Status: RESOLVED INVALID
Alias: CVE-2023-52769
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/407141/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-52769:6.4:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-22 13:06 UTC by SMASH SMASH
Modified: 2024-07-08 15:01 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-05-22 13:06:53 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix htt mlo-offset event locking

The ath12k active pdevs are protected by RCU but the htt mlo-offset
event handling code calling ath12k_mac_get_ar_by_pdev_id() was not
marked as a read-side critical section.

Mark the code in question as an RCU read-side critical section to avoid
any potential use-after-free issues.

Compile tested only.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52769
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2023/CVE-2023-52769.mbox
https://git.kernel.org/stable/c/d908ca431e20b0e4bfc5d911d1744910ed779bdb
https://git.kernel.org/stable/c/afd3425bd69610f318403084fe491e24a1357fb9
https://git.kernel.org/stable/c/6afc57ea315e0f660b1f870a681737bb7b71faef
https://www.cve.org/CVERecord?id=CVE-2023-52769
Comment 2 Carlos López 2024-05-28 10:45:20 UTC 
Nothing to do, closing.