CVE-2024-56609

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/12/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb

When removing kernel modules by:
rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core

Driver uses skb_queue_purge() to purge TX skb, but not report tx status
causing "Have pending ack frames!" warning. Use ieee80211_purge_tx_queue()
to correct this.

Since ieee80211_purge_tx_queue() doesn't take locks, to prevent racing
between TX work and purge TX queue, flush and destroy TX work in advance.

wlan0: deauthenticating from aa:f5:fd:60:4c:a8 by local
choice (Reason: 3=DEAUTH_LEAVING)
------------[ cut here ]------------
Have pending ack frames!
WARNING: CPU: 3 PID: 9232 at net/mac80211/main.c:1691
ieee80211_free_ack_frame+0x5c/0x90 [mac80211]
CPU: 3 PID: 9232 Comm: rmmod Tainted: G C
6.10.1-200.fc40.aarch64 #1
Hardware name: pine64 Pine64 PinePhone Braveheart
(1.1)/Pine64 PinePhone Braveheart (1.1), BIOS 2024.01 01/01/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ieee80211_free_ack_frame+0x5c/0x90 [mac80211]
lr : ieee80211_free_ack_frame+0x5c/0x90 [mac80211]
sp : ffff80008c1b37b0
x29: ffff80008c1b37b0 x28: ffff000003be8000 x27: 0000000000000000
x26: 0000000000000000 x25: ffff000003dc14b8 x24: ffff80008c1b37d0
x23: ffff000000ff9f80 x22: 0000000000000000 x21: 000000007fffffff
x20: ffff80007c7e93d8 x19: ffff00006e66f400 x18: 0000000000000000
x17: ffff7ffffd2b3000 x16: ffff800083fc0000 x15: 0000000000000000
x14: 0000000000000000 x13: 2173656d61726620 x12: 6b636120676e6964
x11: 0000000000000000 x10: 000000000000005d x9 : ffff8000802af2b0
x8 : ffff80008c1b3430 x7 : 0000000000000001 x6 : 0000000000000001
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000003be8000
Call trace:
ieee80211_free_ack_frame+0x5c/0x90 [mac80211]
idr_for_each+0x74/0x110
ieee80211_free_hw+0x44/0xe8 [mac80211]
rtw_sdio_remove+0x9c/0xc0 [rtw88_sdio]
sdio_bus_remove+0x44/0x180
device_remove+0x54/0x90
device_release_driver_internal+0x1d4/0x238
driver_detach+0x54/0xc0
bus_remove_driver+0x78/0x108
driver_unregister+0x38/0x78
sdio_unregister_driver+0x2c/0x40
rtw_8723cs_driver_exit+0x18/0x1000 [rtw88_8723cs]
__do_sys_delete_module.isra.0+0x190/0x338
__arm64_sys_delete_module+0x1c/0x30
invoke_syscall+0x74/0x100
el0_svc_common.constprop.0+0x48/0xf0
do_el0_svc+0x24/0x38
el0_svc+0x3c/0x158
el0t_64_sync_handler+0x120/0x138
el0t_64_sync+0x194/0x198
---[ end trace 0000000000000000 ]---

Vulnerable products and versions

CPE                                            From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.2 (including)   6.1.136 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.2 (including)   6.6.70 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.7 (including)   6.12.5 (excluding)
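
A triage check for the ranges above, as an added example that is not part of the advisory or of the kernel project's code: it tests a `uname -r` string against the three affected ranges and lists which of the rtw88 modules named in the description are loaded. The function names and the /proc/modules sample are constructed for illustration, and the comparison uses upstream version numbers only, so a distribution kernel carrying a backported fix can still report a version inside a range.

```python
import re

# Affected upstream ranges from the table above: (first affected, first fixed).
AFFECTED_RANGES = [
    ((5, 2, 0), (6, 1, 136)),
    ((6, 2, 0), (6, 6, 70)),
    ((6, 7, 0), (6, 12, 5)),
]
# Module names taken from the rmmod command in the description.
RTW88_MODULES = {"rtw88_8723cs", "rtw88_8703b", "rtw88_8723x", "rtw88_sdio", "rtw88_core"}

# Constructed sample of /proc/modules content, so the example runs offline.
SAMPLE_PROC_MODULES = """\
rtw88_8723cs 12288 0 - Live 0x0000000000000000
rtw88_sdio 28672 1 rtw88_8723cs, Live 0x0000000000000000
rtw88_core 286720 2 rtw88_8723cs,rtw88_sdio, Live 0x0000000000000000
mac80211 1150976 2 rtw88_sdio,rtw88_core, Live 0x0000000000000000
"""

def parse_release(release):
    """Map a `uname -r` string such as '6.10.1-200.fc40.aarch64' to (6, 10, 1)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(release):
    """True if the version is >= a range start and < that range's fixed version."""
    version = parse_release(release)
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)

def loaded_rtw88_modules(proc_modules_text):
    """Return the advisory's rtw88 modules that appear in /proc/modules text."""
    names = {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}
    return sorted(names & RTW88_MODULES)

def assess(release, proc_modules_text):
    """Summarise exposure: version in range, and which rtw88 modules are loaded."""
    return {"in_range": in_affected_range(release),
            "modules": loaded_rtw88_modules(proc_modules_text)}

if __name__ == "__main__":
    # On a live host, pass platform.release() and the contents of /proc/modules.
    print(assess("6.10.1-200.fc40.aarch64", SAMPLE_PROC_MODULES))
```

The release string in the demo call is the kernel shown in the warning trace in the description.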