CVE-2025-38292: wifi: ath12k: fix invalid access to memory

CKI Backport Botrequested to merge
redhat/red-hat-ci-tools/kernel/bot-branches/centos-stream/src/kernel/centos-stream-9:backport-RHEL-103222-centos-stream-9-main into main

JIRA: https://issues.redhat.com/browse/RHEL-103222
CVE: CVE-2025-38292

commit 9f17747fbda6fca934854463873c4abf8061491d
Author: Sarika Sharma <quic_sarishar@quicinc.com>
Date:   Tue Apr 8 10:23:27 2025 +0530

    wifi: ath12k: fix invalid access to memory
    
    In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean
    is_continuation is part of rxcb.
    Currently, after freeing the skb, the rxcb->is_continuation accessed
    again which is wrong since the memory is already freed.
    This might lead use-after-free error.
    
    Hence, fix by locally defining bool is_continuation from rxcb,
    so that after freeing skb, is_continuation can be used.
    
    Compile tested only.
    
    Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices")
    Signed-off-by: Sarika Sharma <quic_sarishar@quicinc.com>
    Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>
    Link: https://patch.msgid.link/20250408045327.1632222-1-quic_sarishar@quicinc.com
    Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>

Signed-off-by: CKI Backport Bot cki-ci-bot+cki-gitlab-backport-bot@redhat.com

Created 2025-07-11 21:30 UTC by backporter - KWF FAQ - Slack #team-kernel-workflow - Source - Documentation - Report an issue

Merge request reports