CVE-2023-53822
Severity:
Pending analysis
Type:
Not Available / Other type
Publication date:
09/12/2025
Last modified:
09/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: Ignore frags from uninitialized peer in dp.

When max virtual ap interfaces are configured in all the bands with
ACS and hostapd restart is done every 60s, a crash is observed at
random times.
In this certain scenario, a fragmented packet is received for
self peer, for which rx_tid and rx_frags are not initialized in
datapath. While handling this fragment, crash is observed as the
rx_frag list is uninitialised and when we walk in
ath11k_dp_rx_h_sort_frags, skb null leads to exception.

To address this, before processing received fragments we check
dp_setup_done flag is set to ensure that peer has completed its
dp peer setup for fragment queue, else ignore processing the
fragments.

Call trace:
ath11k_dp_process_rx_err+0x550/0x1084 [ath11k]
ath11k_dp_service_srng+0x70/0x370 [ath11k]
0xffffffc009693a04
__napi_poll+0x30/0xa4
net_rx_action+0x118/0x270
__do_softirq+0x10c/0x244
irq_exit+0x64/0xb4
__handle_domain_irq+0x88/0xac
gic_handle_irq+0x74/0xbc
el1_irq+0xf0/0x1c0
arch_cpu_idle+0x10/0x18
do_idle+0x104/0x248
cpu_startup_entry+0x20/0x64
rest_init+0xd0/0xdc
arch_call_rest_init+0xc/0x14
start_kernel+0x480/0x4b8
Code: f9400281 f94066a2 91405021 b94a0023 (f9406401)

Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
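
The guard described above, as an added user-space model that is not the ath11k patch or kernel code: a fragment is queued only when the peer's setup flag is set, so the ordered insert never walks an uninitialised list. The struct layout, FRAG_IGNORED, peer_dp_setup, sort_frags, rx_frag and frag_at are assumptions made for illustration; only dp_setup_done and rx_frags are names taken from the description.

```c
/* User-space model; names follow the description, not the ath11k source. */
#include <stdbool.h>
#include <stddef.h>

#define FRAG_IGNORED (-1)   /* model-only return value (assumption) */

struct frag { unsigned int num; struct frag *next; };

struct peer {
    bool dp_setup_done;     /* set only once the fragment queue is ready */
    struct frag *rx_frags;  /* points at sentinel after setup, NULL before */
    struct frag sentinel;
};

/* Datapath peer setup: initialise the queue first, then set the flag. */
void peer_dp_setup(struct peer *p)
{
    p->sentinel.next = NULL;
    p->rx_frags = &p->sentinel;
    p->dp_setup_done = true;
}

/* Ordered insert by fragment number; requires an initialised queue. */
static void sort_frags(struct peer *p, struct frag *f)
{
    struct frag *cur = p->rx_frags;   /* NULL here is the crash condition */
    while (cur->next && cur->next->num < f->num)
        cur = cur->next;
    f->next = cur->next;
    cur->next = f;
}

/* Fragment receive path with the guard: skip peers that are not set up. */
int rx_frag(struct peer *p, struct frag *f)
{
    if (!p || !p->dp_setup_done)
        return FRAG_IGNORED;
    sort_frags(p, f);
    return 0;
}

/* Fragment number at position idx in the queue, or -1 if absent. */
int frag_at(const struct peer *p, int idx)
{
    const struct frag *cur = p->rx_frags ? p->rx_frags->next : NULL;
    while (cur && idx-- > 0)
        cur = cur->next;
    return cur ? (int)cur->num : -1;
}
```

Setting the flag as the last step of setup is what makes it a safe signal for the receive path in this model.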



