Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit e5ce9df1 authored by Toke Høiland-Jørgensen's avatar Toke Høiland-Jørgensen Committed by Greg Kroah-Hartman
Browse files

wifi: ath9k_htc: Abort software beacon handling if disabled 



[ Upstream commit ac4e317a95a1092b5da5b9918b7118759342641c ]

A malicious USB device can send a WMI_SWBA_EVENTID event from an
ath9k_htc-managed device before beaconing has been enabled. This causes
a device-by-zero error in the driver, leading to either a crash or an
out of bounds read.

Prevent this by aborting the handling in ath9k_htc_swba() if beacons are
not enabled.

Reported-by: default avatarRobert Morris <rtm@csail.mit.edu>
Closes: https://lore.kernel.org/r/88967.1743099372@localhost


Fixes: 832f6a18 ("ath9k_htc: Add beacon slots")
Signed-off-by: default avatarToke Høiland-Jørgensen <toke@toke.dk>
Link: https://patch.msgid.link/20250402112217.58533-1-toke@toke.dk


Signed-off-by: default avatarJeff Johnson <jeff.johnson@oss.qualcomm.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 44ebe361
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment