linux-yocto/drivers
Matvey Kovalev 1f52119809 wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()
commit 3fd2ef2ae2b5c955584a3bee8e83ae7d7a98f782 upstream.

If ab->fw.m3_data points to data, then the fw pointer remains NULL.
Further, if m3_mem is not allocated, then fw is dereferenced to be
passed to the ath11k_err function.

Replace fw->size by m3_len.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 7db88b962f ("wifi: ath11k: add firmware-2.bin support")
Cc: stable@vger.kernel.org
Signed-off-by: Matvey Kovalev <matvey.kovalev@ispras.ru>
Reviewed-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>
Link: https://patch.msgid.link/20250917192020.1340-1-matvey.kovalev@ispras.ru
Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-10-06 11:17:52 +02:00
accel accel/ivpu: Prevent recovery work from being queued during device removal 2025-09-09 18:58:14 +02:00
accessibility
acpi ACPI: RISC-V: Fix FFH_CPPC_CSR error handling 2025-09-09 18:58:26 +02:00
amba
android
ata ata: libata-scsi: Return aborted command when missing sense and result TF 2025-08-28 16:31:04 +02:00
atm atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). 2025-09-04 15:31:47 +02:00
auxdisplay
base x86/vmscape: Enable the mitigation 2025-09-11 17:21:46 +02:00
bcma
block block: add a queue_limits_commit_update_frozen helper 2025-09-09 18:58:24 +02:00
bluetooth Bluetooth: vhci: Prevent use-after-free by removing debugfs files early 2025-09-09 18:58:07 +02:00
bus bus: mhi: host: Detect events pointing to unexpected TREs 2025-08-28 16:30:54 +02:00
cache
cdrom
cdx cdx: Fix off-by-one error in cdx_rpmsg_probe() 2025-08-28 16:31:09 +02:00
char ipmi: Fix strcpy source and destination the same 2025-08-20 18:30:48 +02:00
clk clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src 2025-08-20 18:30:51 +02:00
clocksource
comedi comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() 2025-08-28 16:31:09 +02:00
connector
counter counter: interrupt-cnt: Protect enable/disable OPs with mutex 2025-06-19 15:32:12 +02:00
cpufreq cpufreq: Initialize cpufreq-based invariance before subsys 2025-10-02 13:44:08 +02:00
cpuidle cpuidle: governors: menu: Avoid selecting states with too much latency 2025-08-28 16:31:08 +02:00
crypto crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 2025-08-28 16:30:55 +02:00
cxl cxl/region: Add a dev_err() on missing target list entries 2025-07-06 11:01:32 +02:00
dax
dca
devfreq PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() 2025-08-20 18:30:23 +02:00
dio
dma dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate 2025-09-19 16:35:51 +02:00
dma-buf Revert "udmabuf: fix vmap_udmabuf error page set" 2025-09-19 16:35:42 +02:00
dpll
edac EDAC/altera: Delete an inappropriate dma_free_coherent() call 2025-09-19 16:35:45 +02:00
eisa
extcon
firewire firewire: core: fix overlooked update of subsystem ABI version 2025-10-02 13:44:05 +02:00
firmware efi: stmm: Fix incorrect buffer allocation method 2025-09-04 15:31:48 +02:00
fpga fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() 2025-08-28 16:31:08 +02:00
fsi
gnss
gpio gpiolib: Extend software-node support to support secondary software-nodes 2025-10-02 13:44:14 +02:00
gpu drm/i915/backlight: Return immediately when scale() finds invalid parameters 2025-10-02 13:44:15 +02:00
greybus
hid HID: asus: add support for missing PX series fn keys 2025-10-02 13:44:12 +02:00
hsi
hte
hv Drivers: hv: Make the sysfs node size for the ring buffer dynamic 2025-08-01 09:48:47 +01:00
hwmon hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM 2025-09-09 18:58:24 +02:00
hwspinlock
hwtracing coresight: Only check bottom two claim bits 2025-07-06 11:01:34 +02:00
i2c i2c: designware: Add quirk for Intel Xe 2025-10-02 13:44:07 +02:00
i3c i3c: master: Initialize ret in i3c_i2c_notifier_call() 2025-08-20 18:30:46 +02:00
idle intel_idle: Allow loading ACPI tables for any family 2025-08-20 18:30:18 +02:00
iio iio: imu: inv_icm42600: change invalid data error to -EBUSY 2025-08-28 16:31:11 +02:00
infiniband IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions 2025-10-02 13:44:07 +02:00
input Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table 2025-09-19 16:35:48 +02:00
interconnect interconnect: qcom: sc8180x: specify num_nodes 2025-08-15 12:13:38 +02:00
iommu iommufd: Fix race during abort for file descriptors 2025-10-02 13:44:15 +02:00
ipack
irqchip irqchip: Build IMX_MU_MSI only on ARM 2025-08-15 12:14:07 +02:00
isdn mISDN: Fix memory leak in dsp_hwec_enable() 2025-09-09 18:58:08 +02:00
leds leds: leds-lp50xx: Handle reg to get correct multi_index 2025-08-20 18:30:43 +02:00
macintosh
mailbox mailbox: Not protect module_put with spin_lock_irqsave 2025-07-06 11:01:32 +02:00
mcb
md dm-stripe: fix a possible integer overflow 2025-09-25 11:13:45 +02:00
media media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID 2025-10-06 11:17:52 +02:00
memory
memstick memstick: Fix deadlock by moving removing flag earlier 2025-08-28 16:31:05 +02:00
message
mfd mfd: cros_ec: Separate charge-control probing from USB-PD 2025-08-20 18:30:56 +02:00
misc misc: rtsx: usb: Ensure mmc child device is active when card is present 2025-08-20 18:30:52 +02:00
mmc mmc: sdhci-cadence: add Mobileye eyeQ support 2025-10-02 13:44:06 +02:00
most most: core: Drop device reference after usage in get_channel() 2025-08-28 16:31:09 +02:00
mtd mtd: spinand: winbond: Fix oob_layout for W25N01JW 2025-09-19 16:35:47 +02:00
mux
net wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() 2025-10-06 11:17:52 +02:00
nfc
ntb
nubus
nvdimm
nvme nvme: fix PI insert on write 2025-09-25 11:13:41 +02:00
nvmem nvmem: layouts: u-boot-env: remove crc32 endianness conversion 2025-07-24 08:56:21 +02:00
of of_numa: fix uninitialized memory nodes causing kernel panic 2025-09-09 18:58:16 +02:00
opp
parisc
parport
pci PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up 2025-09-04 15:31:56 +02:00
pcmcia pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch 2025-09-25 11:13:42 +02:00
peci
perf perf/arm: Add missing .suppress_bind_attrs 2025-08-20 18:30:33 +02:00
phy phy: ti-pipe3: fix device leak at unbind 2025-09-19 16:35:51 +02:00
pinctrl pinctrl: STMFX: add missing HAS_IOMEM dependency 2025-09-04 15:31:42 +02:00
platform platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() 2025-10-02 13:44:12 +02:00
pmdomain imx8m-blk-ctrl: set ISI panic write hurry level 2025-08-20 18:30:27 +02:00
pnp
power power: supply: bq27xxx: restrict no-battery detection to bq27000 2025-09-25 11:13:45 +02:00
powercap powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() 2025-08-15 12:13:36 +02:00
pps pps: clients: gpio: fix interrupt handling order in remove path 2025-08-20 18:30:25 +02:00
ps3
ptp ptp: Use ratelimit for freerun error message 2025-08-20 18:30:38 +02:00
pwm pwm: mediatek: Fix duty and period setting 2025-08-28 16:30:58 +02:00
rapidio drivers/rapidio/rio_cm.c: prevent possible heap overwrite 2025-06-27 11:11:36 +01:00
ras
regulator regulator: sy7636a: fix lifecycle of power good gpio 2025-09-19 16:35:50 +02:00
remoteproc remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU 2025-08-20 18:30:22 +02:00
reset reset: brcmstb: Enable reset drivers for ARCH_BCM2835 2025-08-20 18:30:25 +02:00
rpmsg
rtc rtc: pcf2127: fix SPI command byte for PCF2131 backport 2025-09-25 11:13:50 +02:00
s390 s390/sclp: Fix SCCB present check 2025-08-28 16:31:06 +02:00
sbus
scsi scsi: sr: Reinstate rotational media flag 2025-09-09 18:58:24 +02:00
sh
siox
slimbus
soc soc: qcom: mdt_loader: Deal with zero e_shentsize 2025-09-09 18:58:17 +02:00
soundwire soundwire: Move handle_nested_irq outside of sdw_dev_lock 2025-08-20 18:30:46 +02:00
spi spi: spi-fsl-lpspi: Clear status register after disabling the module 2025-09-09 18:58:25 +02:00
spmi
ssb
staging media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() 2025-08-28 16:31:00 +02:00
target scsi: target: target_core_configfs: Add length check to avoid buffer overflow 2025-10-06 11:17:52 +02:00
tc
tee tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" 2025-09-09 18:58:03 +02:00
thermal thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold 2025-09-09 18:58:22 +02:00
thunderbolt thunderbolt: Fix copy+paste error in match_service_id() 2025-08-20 18:30:52 +02:00
tty serial: sc16is7xx: fix bug in flow control levels init 2025-09-19 16:35:48 +02:00
ufs scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE 2025-10-02 13:44:05 +02:00
uio uio_hv_generic: Align ring size to system page 2025-06-27 11:11:25 +01:00
usb Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" 2025-10-02 13:44:15 +02:00
vdpa vdpa: Fix IDR memory leak in VDUSE module exit 2025-08-15 12:13:58 +02:00
vfio vfio/mlx5: fix possible overflow in tracking max message size 2025-08-20 18:30:48 +02:00
vhost vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() 2025-09-04 15:31:44 +02:00
video fbcon: Fix OOB access in font allocation 2025-10-02 13:44:14 +02:00
virt fix locking in efi_secret_unlink() 2025-08-20 18:30:21 +02:00
virtio virtio_ring: Fix error reporting in virtqueue_resize 2025-08-01 09:48:39 +01:00
w1
watchdog watchdog: iTCO_wdt: Report error if timeout configuration fails 2025-08-20 18:30:42 +02:00
xen xen/gntdev: remove struct gntdev_copy_batch from stack 2025-08-15 12:13:43 +02:00
zorro
Kconfig
Makefile