CVE-2024-56543

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: ath12k: Skip Rx TID cleanup for self peer<br /> <br /> During peer create, dp setup for the peer is done where Rx TID is<br /> updated for all the TIDs. Peer object for self peer will not go through<br /> dp setup.<br /> <br /> When core halts, dp cleanup is done for all the peers. While cleanup,<br /> rx_tid::ab is accessed which causes below stack trace for self peer.<br /> <br /> WARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851<br /> Call Trace:<br /> __warn+0x7b/0x1a0<br /> ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]<br /> report_bug+0x10b/0x200<br /> handle_bug+0x3f/0x70<br /> exc_invalid_op+0x13/0x60<br /> asm_exc_invalid_op+0x16/0x20<br /> ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]<br /> ath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k]<br /> ath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k]<br /> ath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k]<br /> ath12k_core_halt+0x3b/0x100 [ath12k]<br /> ath12k_core_reset+0x494/0x4c0 [ath12k]<br /> <br /> sta object in peer will be updated when remote peer is created. Hence<br /> use peer::sta to detect the self peer and skip the cleanup.<br /> <br /> Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1<br /> Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3