CVE-2023-54036

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU<br /> <br /> The wifi + bluetooth combo chip RTL8723BU can leak memory (especially?)<br /> when it&amp;#39;s connected to a bluetooth audio device. The busy bluetooth<br /> traffic generates lots of C2H (card to host) messages, which are not<br /> freed correctly.<br /> <br /> To fix this, move the dev_kfree_skb() call in rtl8xxxu_c2hcmd_callback()<br /> inside the loop where skb_dequeue() is called.<br /> <br /> The RTL8192EU leaks memory because the C2H messages are added to the<br /> queue and left there forever. (This was fine in the past because it<br /> probably wasn&amp;#39;t sending any C2H messages until commit e542e66b7c2e<br /> ("wifi: rtl8xxxu: gen2: Turn on the rate control"). Since that commit<br /> it sends a C2H message when the TX rate changes.)<br /> <br /> To fix this, delete the check for rf_paths &gt; 1 and the goto. Let the<br /> function process the C2H messages from RTL8192EU like the ones from<br /> the other chips.<br /> <br /> Theoretically the RTL8188FU could also leak like RTL8723BU, but it<br /> most likely doesn&amp;#39;t send C2H messages frequently enough.<br /> <br /> This change was tested with RTL8723BU by Erhard F. I tested it with<br /> RTL8188FU and RTL8192EU.