From patchwork Fri Nov 29 12:58:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nikita Zhandarovich X-Patchwork-Id: 13888639 Received: from exchange.fintech.ru (exchange.fintech.ru [195.54.195.159]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 70E5F19D8A2; Fri, 29 Nov 2024 12:58:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.54.195.159 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732885106; cv=none; b=NdB4/8QK2vDVPd6G8CQrIKWeUfZa0MJGEwE2PfydrGSpZr8heYub+YiW3A5QwCzfRuTcVL3mHHSsn/Quy6vOvDEAYVqQQD6qmLMl32WZdlCno3SAsZ63Cv8wUemEzPzERjCYCIWq6/tTui//4SVkRmbb+/08ptBKAL8MM3+7Fms= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1732885106; c=relaxed/simple; bh=Vk6T5ntq83lK1TB+cG9bfXykiD9dvIdJrl3RbTb89Yc=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=ogJOv70EEMj614d3xp35M4TA9XZhod2G28axHyy7F/R/uHYV13hqFPkHKX419rW2elunqf2yc7J0wzkO/8IvZ7DOwS+mFkLFounSp8Jlk7xrAH87RaGrahP+4O8IJCALrIi+fzdstHpD4bEDIO11zNn/u0Ey8+uE/qNx+980WfA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fintech.ru; spf=pass smtp.mailfrom=fintech.ru; arc=none smtp.client-ip=195.54.195.159 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fintech.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fintech.ru Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru (195.54.195.159) with Microsoft SMTP Server (TLS) id 14.3.498.0; Fri, 29 Nov 2024 15:58:18 +0300 Received: from localhost (10.0.253.138) by Ex16-01.fintech.ru (10.0.10.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Fri, 29 Nov 2024 15:58:18 +0300 From: Nikita Zhandarovich To: , Greg Kroah-Hartman , Sasha Levin CC: Nikita Zhandarovich , Luca Coelho , Kalle Valo , "David S. Miller" , Jakub Kicinski , "Johannes Berg" , , , , Subject: [PATCH 5.4/5.10 0/1] Backport fix for CVE-2023-52531 Date: Fri, 29 Nov 2024 04:58:12 -0800 Message-ID: <20241129125813.25555-1-n.zhandarovich@fintech.ru> X-Mailer: git-send-email 2.25.1 Precedence: bulk X-Mailing-List: linux-wireless@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: Ex16-02.fintech.ru (10.0.10.19) To Ex16-01.fintech.ru (10.0.10.18) This patch fixes CVE-2023-52531 [1] present in 5.4 and 5.10 stable kernels. The vulnerability concerns flawed pointer arithmetic in iwlwifi driver caused by use of spurious casting to (u8 *). Original upstream commit [3] removed that cast but kept a change to increment a pointer first and only then cast it to (void *) or other type. However, as older branches did not receive commit 3827cb59b3b8 ("iwlwifi: avoid void pointer arithmetic") [2], the aforementioned kept change is also missing, which should be corrected and applied to other vulnerable versions. This backport ensures that correction and keeps away from dangerous void pointer arithmetic. [PATCH 5.4/5.10 1/1] wifi: iwlwifi: mvm: Fix a memory corruption issue Change 'channels' pointer before casting it to (void *). Fixes [1]. [1] https://nvd.nist.gov/vuln/detail/cve-2023-52531 [2] https://github.com/torvalds/linux/commit/3827cb59b3b8ce4b1687385d35034dadcd90d7ce [3] https://github.com/torvalds/linux/commit/8ba438ef3cacc4808a63ed0ce24d4f0942cfe55d