Re: [PATCH v5] wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
From: Kalle Valo
Date: Mon Nov 13 2023 - 07:12:00 EST
Arend van Spriel <arend.vanspriel@xxxxxxxxxxxx> writes:
> On November 8, 2023 4:03:26 AM Zheng Hacker <hackerzheng666@xxxxxxxxx>
> wrote:
>
>> Arend Van Spriel <arend.vanspriel@xxxxxxxxxxxx> 于2023年11月6日周一 23:48写道:
>>>
>>> On November 6, 2023 3:44:53 PM Zheng Hacker <hackerzheng666@xxxxxxxxx> wrote:
>>>
>>>> Thanks! I didn't test it for I don't have a device. Very appreciated
>>>> if anyone could help with that.
>>>
>>> I would volunteer, but it made me dig deep and not sure if there is a
>>> problem to solve here.
>>>
>>> brcmf_cfg80211_detach() calls wl_deinit_priv() -> brcmf_abort_scanning() ->
>>> brcmf_notify_escan_complete() which does delete the timer.
>>>
>>> What am I missing here?
>>
>> Thanks four your detailed review. I did see the code and not sure if
>> brcmf_notify_escan_complete
>> would be triggered for sure. So in the first version I want to delete
>> the pending timer ahead of time.
>
> Why requesting a CVE when you are not sure? Seems a bit hasty to put
> it mildly.
TBH I don't take CVE entries seriously anymore. I don't know what has
happened there.
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches