
Commit f442280

committed
Merge: CVE-2024-42225: wifi: mt76: replace skb_put with skb_put_zero
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/4924 JIRA: https://issues.redhat.com/browse/RHEL-52367 CVE: CVE-2024-42225 ``` wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 7f819a2) ``` Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com> Approved-by: José Ignacio Tornos Martínez <jtornosm@redhat.com> Approved-by: Michal Schmidt <mschmidt@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: Lucas Zampieri <lzampier@redhat.com>
2 parents 78e8b5a + c4c41ba commit f442280


2 files changed

+6
-6
lines changed

2 files changed

+6
-6
lines changed

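--- a/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c
@@ -257,7 +257,7 @@ mt76_connac_mcu_add_nested_tlv(struct sk_buff *skb, int tag, int len,
 };
 u16 ntlv;
 
-ptlv = skb_put(skb, len);
+ptlv = skb_put_zero(skb, len);
 memcpy(ptlv, &tlv, sizeof(tlv));
 
 ntlv = le16_to_cpu(ntlv_hdr->tlv_num);
@@ -1670,7 +1670,7 @@ int mt76_connac_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif,
 set_bit(MT76_HW_SCANNING, &phy->state);
 mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
 
-req = (struct mt76_connac_hw_scan_req *)skb_put(skb, sizeof(*req));
+req = (struct mt76_connac_hw_scan_req *)skb_put_zero(skb, sizeof(*req));
 
 req->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
 req->bss_idx = mvif->idx;
@@ -1798,7 +1798,7 @@ int mt76_connac_mcu_sched_scan_req(struct mt76_phy *phy,
 
 mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
 
-req = (struct mt76_connac_sched_scan_req *)skb_put(skb, sizeof(*req));
+req = (struct mt76_connac_sched_scan_req *)skb_put_zero(skb, sizeof(*req));
 req->version = 1;
 req->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
 
@@ -2321,7 +2321,7 @@ int mt76_connac_mcu_update_gtk_rekey(struct ieee80211_hw *hw,
 return -ENOMEM;
 
 skb_put_data(skb, &hdr, sizeof(hdr));
-gtk_tlv = (struct mt76_connac_gtk_rekey_tlv *)skb_put(skb,
+gtk_tlv = (struct mt76_connac_gtk_rekey_tlv *)skb_put_zero(skb,
 sizeof(*gtk_tlv));
 gtk_tlv->tag = cpu_to_le16(UNI_OFFLOAD_OFFLOAD_GTK_REKEY);
 gtk_tlv->len = cpu_to_le16(sizeof(*gtk_tlv));
@@ -2446,7 +2446,7 @@ mt76_connac_mcu_set_wow_pattern(struct mt76_dev *dev,
 return -ENOMEM;
 
 skb_put_data(skb, &hdr, sizeof(hdr));
-ptlv = (struct mt76_connac_wow_pattern_tlv *)skb_put(skb, sizeof(*ptlv));
+ptlv = (struct mt76_connac_wow_pattern_tlv *)skb_put_zero(skb, sizeof(*ptlv));
 ptlv->tag = cpu_to_le16(UNI_SUSPEND_WOW_PATTERN);
 ptlv->len = cpu_to_le16(sizeof(*ptlv));
 ptlv->data_len = pattern->pattern_len;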
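Review bot: The reason for zeroing is not recorded at the call in mt76_connac_mcu_add_nested_tlv, where it matters most: the `memcpy` that follows writes only `sizeof(tlv)` bytes of the `len`-byte region, so whatever the caller later leaves unset (presumably reserved fields and padding) went out in the MCU message as stale skb memory before this change. I would add `/* zero the whole TLV: only the header is written here, unset fields must not carry stale skb bytes */` above `ptlv = skb_put_zero(skb, len);`, and the same comment fits mt7915_mcu_add_nested_subtlv in mt7915/mcu.c. Separately, `len` is a signed `int` and nothing visible checks `len >= sizeof(tlv)` before the copy; the function starts and ends outside the hunk, so that may be handled elsewhere.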

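--- a/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c
@@ -424,7 +424,7 @@ mt7915_mcu_add_nested_subtlv(struct sk_buff *skb, int sub_tag, int sub_len,
 .len = cpu_to_le16(sub_len),
 };
 
-ptlv = skb_put(skb, sub_len);
+ptlv = skb_put_zero(skb, sub_len);
 memcpy(ptlv, &tlv, sizeof(tlv));
 
 le16_add_cpu(sub_ntlv, 1);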
