android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71fbc3af3d
android_kernel_xiaomi_sm8450/net
History
Johannes Berg e8e599a635 wifi: mac80211: fix potential key use-after-free 
commit 31db78a4923ef5e2008f2eed321811ca79e7f71b upstream.

When ieee80211_key_link() is called by ieee80211_gtk_rekey_add()
but returns 0 due to KRACK protection (identical key reinstall),
ieee80211_gtk_rekey_add() will still return a pointer into the
key, in a potential use-after-free. This normally doesn't happen
since it's only called by iwlwifi in case of WoWLAN rekey offload
which has its own KRACK protection, but still better to fix, do
that by returning an error code and converting that to success on
the cfg80211 boundary only, leaving the error for bad callers of
ieee80211_gtk_rekey_add().

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Fixes: fdf7cb4185 ("mac80211: accept key reinstall without changing anything")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Sherry: bp to fix CVE-2023-52530, resolved minor conflicts in
  net/mac80211/cfg.c because of context change due to missing commit
  23a5f0af6ff4 ("wifi: mac80211: remove cipher scheme support")
  ccdde7c74ffd ("wifi: mac80211: properly implement MLO key handling")]
Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-10-22 15:39:24 +02:00
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-09-15 09:50:34 +02:00
9p net/9p: fix uninit-value in p9_client_rpc() 2024-06-16 13:32:34 +02:00
802 mrp: introduce active flags to prevent UAF when applicant uninit 2023-01-14 10:16:18 +01:00
8021q gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers 2024-09-12 11:06:47 +02:00
appletalk appletalk: Fix Use-After-Free in atalk_ioctl 2023-12-20 15:44:29 +01:00
atm atm: Fix Use-After-Free in do_vcc_ioctl 2023-12-20 15:44:28 +01:00
ax25 net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg 2022-06-22 14:13:17 +02:00
batman-adv batman-adv: Don't accept TT entries for out-of-spec VIDs 2024-07-05 09:12:54 +02:00
bluetooth Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change 2024-10-17 15:08:34 +02:00
bpf bpf: Move skb->len == 0 checks into __bpf_redirect 2023-01-14 10:15:31 +01:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:56:29 +02:00
bridge netfilter: br_netfilter: fix panic with metadata_dst skb 2024-10-17 15:08:34 +02:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:45:11 +01:00
can can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). 2024-10-17 15:07:41 +02:00
ceph libceph: fix race between delayed_work() and ceph_monc_stop() 2024-07-18 13:05:49 +02:00
core net: add more sanity checks to qdisc_pkt_len_init() 2024-10-17 15:08:07 +02:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-11 11:57:50 +02:00
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 11:06:55 +01:00
decnet Remove DECnet support from kernel 2023-06-21 15:45:38 +02:00
dns_resolver keys, dns: Fix size check of V1 server-list header 2024-01-25 14:37:50 -08:00
dsa net: dsa: tag_sja1105: fix MAC DA patching from meta frames 2023-07-27 08:44:10 +02:00
ethernet gro: remove rcu_read_lock/rcu_read_unlock from gro_complete handlers 2024-09-12 11:06:47 +02:00
ethtool ethtool: check device is present when getting link settings 2024-09-04 13:17:46 +02:00
hsr hsr: Handle failures in module init 2024-03-26 18:22:03 -04:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2022-11-03 23:57:51 +09:00
ife net: sched: ife: fix potential use-after-free 2024-01-05 15:12:24 +01:00
ipv4 net: Handle l3mdev in ip_tunnel_init_flow 2024-10-17 15:08:38 +02:00
ipv6 netfilter: ip6t_rpfilter: Fix regression with VRF interfaces 2024-10-17 15:08:38 +02:00
iucv s390/iucv: fix receive buffer virtual vs physical address confusion 2024-09-04 13:17:38 +02:00
kcm kcm: Serialise kcm_sendmsg() for the same socket. 2024-09-04 13:17:40 +02:00
key net: af_key: fix sadb_x_filter validation 2023-08-26 15:26:51 +02:00
l2tp l2tp: fix lockdep splat 2024-08-19 05:41:11 +02:00
l3mdev net: Add l3mdev index to flow struct and avoid oif reset for port devices 2024-10-17 15:08:35 +02:00
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:29:14 +01:00
llc llc: call sock_orphan() at release time 2024-02-23 08:42:17 +01:00
mac80211 wifi: mac80211: fix potential key use-after-free 2024-10-22 15:39:24 +02:00
mac802154 net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() 2024-07-27 10:40:21 +02:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-22 12:55:58 +01:00
mptcp mptcp: fix sometimes-uninitialized warning 2024-10-17 15:07:59 +02:00
ncsi net/ncsi: Fix the multi thread manner of NCSI driver 2024-07-05 09:12:22 +02:00
netfilter netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS 2024-10-17 15:07:58 +02:00
netlabel calipso: fix memory leak in netlbl_calipso_add_pass() 2024-01-25 14:37:40 -08:00
netlink net: Fix an unsafe loop on the list 2024-10-17 15:08:37 +02:00
netrom netrom: Fix a memory leak in nr_heartbeat_expiry() 2024-07-05 09:12:37 +02:00
nfc nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() 2024-06-16 13:32:27 +02:00
nsh nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). 2024-05-17 11:48:00 +02:00
openvswitch openvswitch: Set the skbuff pkt_type for proper pmtud support. 2024-06-16 13:32:27 +02:00
packet af_packet: Handle outgoing VLAN packets without hardware offloading 2024-08-19 05:40:55 +02:00
phonet phonet: fix rtm_phonet_notify() skb allocation 2024-05-17 11:48:07 +02:00
psample psample: Require 'CAP_NET_ADMIN' when joining "packets" group 2023-12-13 18:27:06 +01:00
qrtr net: qrtr: Update packets cloning when broadcasting 2024-10-17 15:07:58 +02:00
rds net:rds: Fix possible deadlock in rds_message_put 2024-09-04 13:17:45 +02:00
rfkill net: rfkill: gpio: set GPIO direction 2024-01-05 15:12:28 +01:00
rose net/rose: fix races in rose_kill_by_device() 2024-01-05 15:12:24 +01:00
rxrpc rxrpc: Fix response to PING RESPONSE ACKs to a dead call 2024-02-23 08:42:20 +01:00
sched net/sched: accept TCA_STAB only for root qdisc 2024-10-17 15:08:35 +02:00
sctp sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start 2024-10-17 15:08:35 +02:00
smc net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined 2024-08-19 05:40:44 +02:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-18 14:04:27 +01:00
sunrpc net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket 2024-09-12 11:06:51 +02:00
switchdev net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP 2021-02-07 15:37:12 +01:00
tipc tipc: guard against string buffer overrun 2024-10-17 15:08:11 +02:00
tls tls: fix missing memory barrier in tls_init 2024-06-16 13:32:27 +02:00
unix af_unix: Remove put_pid()/put_cred() in copy_peercred(). 2024-09-12 11:06:45 +02:00
vmw_vsock virtio/vsock: fix logic which reduces credit update messages 2024-01-25 14:37:45 -08:00
wimax genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
wireless wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors 2024-10-17 15:07:40 +02:00
x25 net/x25: fix incorrect parameter validation in the x25_getsockopt() function 2024-03-26 18:21:54 -04:00
xdp xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING 2024-05-02 16:23:33 +02:00
xfrm xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup 2024-10-17 15:08:38 +02:00
compat.c net: Return the correct errno code 2021-06-18 10:00:06 +02:00
devres.c net: devres: rename the release callback of devm_register_netdev() 2020-06-30 15:57:34 -07:00
Kconfig Remove DECnet support from kernel 2023-06-21 15:45:38 +02:00
Makefile Remove DECnet support from kernel 2023-06-21 15:45:38 +02:00
socket.c net: Save and restore msg_namelen in sock_sendmsg 2024-01-15 18:48:04 +01:00
sysctl_net.c