[lvc-project] [PATCH 5.4/5.10 0/1] Backport fix for CVE-2023-52531
Nikita Zhandarovich
n.zhandarovich at fintech.ru
Fri Nov 29 15:58:12 MSK 2024
This patch fixes CVE-2023-52531 [1] present in 5.4 and 5.10 stable
kernels. The vulnerability concerns flawed pointer arithmetic in
iwlwifi driver caused by use of spurious casting to (u8 *). Original
upstream commit [3] removed that cast but kept a change to increment
a pointer first and only then cast it to (void *) or other type.
However, as older branches did not receive commit 3827cb59b3b8
("iwlwifi: avoid void pointer arithmetic") [2], the aforementioned
kept change is also missing, which should be corrected and applied
to other vulnerable versions. This backport ensures that correction
and keeps away from dangerous void pointer arithmetic.
[PATCH 5.4/5.10 1/1] wifi: iwlwifi: mvm: Fix a memory corruption issue
Change 'channels' pointer before casting it to (void *).
Fixes [1].
[1] https://nvd.nist.gov/vuln/detail/cve-2023-52531
[2] https://github.com/torvalds/linux/commit/3827cb59b3b8ce4b1687385d35034dadcd90d7ce
[3] https://github.com/torvalds/linux/commit/8ba438ef3cacc4808a63ed0ce24d4f0942cfe55d
More information about the lvc-project
mailing list