github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 14:04:54 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
6643b21aee
linux/drivers
History
Wen Gong 6643b21aee ath10k: Fix TKIP Michael MIC verification for PCIe 
commit 0dc267b13f upstream.

TKIP Michael MIC was not verified properly for PCIe cases since the
validation steps in ieee80211_rx_h_michael_mic_verify() in mac80211 did
not get fully executed due to unexpected flag values in
ieee80211_rx_status.

Fix this by setting the flags property to meet mac80211 expectations for
performing Michael MIC validation there. This fixes CVE-2020-26141. It
does the same as ath10k_htt_rx_proc_rx_ind_hl() for SDIO which passed
MIC verification case. This applies only to QCA6174/QCA9377 PCIe.

Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00110-QCARMSWP-1

Cc: stable@vger.kernel.org
Signed-off-by: Wen Gong <wgong@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20210511200110.c3f1d42c6746.I795593fcaae941c471425b8c7d5f7bb185d29142@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-03 09:00:30 +02:00
..
accessibility
acpi ACPI: scan: Fix a memory leak in an error handling path 2021-05-19 10:13:13 +02:00
amba amba: Fix resource leak for drivers without .remove 2021-03-04 11:38:02 +01:00
android
ata ata: libahci_platform: fix IRQ check 2021-05-14 09:50:24 +02:00
atm atm: idt77252: fix null-ptr-dereference 2021-03-30 14:31:50 +02:00
auxdisplay auxdisplay: ht16k33: Fix refresh rate handling 2021-03-04 11:38:00 +01:00
base PM: runtime: Fix unpaired parent child_count for force_resume 2021-05-19 10:12:51 +02:00
bcma
block nbd: Fix NULL pointer in flush_workqueue 2021-05-19 10:13:14 +02:00
bluetooth Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip. 2021-05-19 10:12:54 +02:00
bus bus: qcom: Put child node before return 2021-05-14 09:50:13 +02:00
cdrom cdrom: gdrom: initialize global variable at init time 2021-05-26 12:06:55 +02:00
char tpm, tpm_tis: Reserve locality in tpm_tis_resume() 2021-05-19 10:12:51 +02:00
clk clk: exynos7: Mark aclk_fsys1_200 as critical 2021-05-19 10:13:19 +02:00
clocksource clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 2021-05-19 10:13:18 +02:00
connector
counter counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register 2021-03-25 09:04:16 +01:00
cpufreq cpufreq: intel_pstate: Use HWP if enabled by platform firmware 2021-05-19 10:12:51 +02:00
cpuidle cpuidle: Fix ARM_QCOM_SPM_CPUIDLE configuration 2021-05-14 09:50:16 +02:00
crypto crypto: ccp: Free SEV device if SEV init fails 2021-05-19 10:12:58 +02:00
dax device-dax: Fix default return code of range_parse() 2021-03-04 11:38:15 +01:00
dca
devfreq PM / devfreq: Use more accurate returned new_freq as resume_freq 2021-05-14 09:50:15 +02:00
dio
dma dmaengine: dw-edma: Fix crash on loading/unloading driver 2021-05-22 11:40:52 +02:00
dma-buf
edac EDAC/amd64: Do not load on family 0x15, model 0x13 2021-03-07 12:34:08 +01:00
eisa
extcon extcon: arizona: Fix various races on driver unbind 2021-05-11 14:47:24 +02:00
firewire firewire: nosy: Fix a use-after-free bug in nosy_ioctl() 2021-04-07 15:00:11 +02:00
firmware firmware: arm_scpi: Prevent the ternary sign expansion bug 2021-05-26 12:06:47 +02:00
fpga fpga: fpga-mgr: xilinx-spi: fix error messages on -EPROBE_DEFER 2021-05-14 09:50:06 +02:00
fsi
gnss
gpio gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 2021-05-22 11:40:54 +02:00
gpu drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 2021-05-26 12:06:57 +02:00
greybus
hid HID: lenovo: Map mic-mute button to KEY_F20 instead of KEY_MICMUTE 2021-05-14 09:50:33 +02:00
hsi HSI: core: fix resource leaks in hsi_add_client_from_dt() 2021-05-14 09:50:28 +02:00
hv Drivers: hv: vmbus: Increase wait time for VMbus unload 2021-05-14 09:50:21 +02:00
hwmon Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" 2021-05-26 12:06:54 +02:00
hwspinlock
hwtracing coresight: Do not scan for graph if none is present 2021-05-19 10:12:55 +02:00
i2c i2c: mediatek: Fix send master code at more than 1MHz 2021-05-19 10:13:19 +02:00
i3c Revert "i3c master: fix missing destroy_workqueue() on error in i3c_master_register" 2021-05-14 09:50:05 +02:00
ide ide/falconide: Fix module unload 2021-03-04 11:38:21 +01:00
idle
iio iio: tsl2583: Fix division by a zero lux_val 2021-05-19 10:13:16 +02:00
infiniband RDMA/uverbs: Fix a NULL vs IS_ERR() bug 2021-05-26 12:06:49 +02:00
input Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state 2021-05-22 11:40:52 +02:00
interconnect interconnect: core: fix error return code of icc_link_destroy() 2021-04-16 11:43:19 +02:00
iommu iommu/vt-d: Fix sysfs leak in alloc_iommu() 2021-06-03 09:00:27 +02:00
ipack
irqchip irqchip/gic-v3: Fix OF_BAD_ADDR error handling 2021-05-14 09:50:15 +02:00
isdn isdn: capi: fix mismatched prototypes 2021-05-22 11:40:52 +02:00
leds leds: lp5523: check return value of lp5xx_read and jump to cleanup code 2021-05-26 12:06:56 +02:00
lightnvm lightnvm: fix memory leak when submit fails 2021-01-27 11:55:22 +01:00
macintosh macintosh/adb-iop: Use big-endian autopoll mask 2021-03-04 11:37:42 +01:00
mailbox mailbox: sprd: Introduce refcnt when clients requests/free channels 2021-05-14 09:50:27 +02:00
mcb
md dm snapshot: fix crash with transient storage and zero chunk size 2021-05-26 12:06:54 +02:00
media Revert "media: rcar_drif: fix a memory disclosure" 2021-05-26 12:06:55 +02:00
memory memory: samsung: exynos5422-dmc: handle clk_set_parent() failure 2021-05-14 09:50:19 +02:00
memstick
message
mfd mfd: stm32-timers: Avoid clearing auto reload register 2021-05-14 09:50:27 +02:00
misc ics932s401: fix broken handling of errors when word reading fails 2021-05-26 12:06:56 +02:00
mmc mmc: sdhci-pci-gli: increase 1.8V regulator wait 2021-05-26 12:06:53 +02:00
most
mtd mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init 2021-05-14 09:50:15 +02:00
mux
net ath10k: Fix TKIP Michael MIC verification for PCIe 2021-06-03 09:00:30 +02:00
nfc nfc: pn533: prevent potential memory corruption 2021-05-14 09:50:32 +02:00
ntb
nubus
nvdimm libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC 2021-04-21 13:00:55 +02:00
nvme nvmet: use new ana_log_size instead the old one 2021-05-26 12:06:57 +02:00
nvmem drivers: nvmem: Fix voltage settings for QTI qfprom-efuse 2021-05-14 09:50:14 +02:00
of of: overlay: fix for_each_child.cocci warnings 2021-05-14 09:50:24 +02:00
opp opp: Correct debug message in _opp_add_static_v2() 2021-03-04 11:37:27 +01:00
oprofile
parisc
parport
pci PCI: tegra: Fix runtime PM imbalance in pex_ep_event_pex_rst_deassert() 2021-05-22 11:40:52 +02:00
pcmcia
perf perf/arm_pmu_platform: Fix error handling 2021-05-11 14:47:19 +02:00
phy phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally 2021-05-14 09:50:13 +02:00
pinctrl pinctrl: samsung: use 'int' for register masks in Exynos 2021-05-19 10:12:55 +02:00
platform platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios 2021-05-26 12:06:49 +02:00
pnp
power power: supply: bq25980: Move props from battery node 2021-05-14 09:50:25 +02:00
powercap
pps
ps3
ptp ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation 2021-04-10 13:36:09 +02:00
pwm pwm: atmel: Fix duty cycle calculation in .get_state() 2021-05-19 10:13:04 +02:00
rapidio rapidio: handle create_workqueue() failure 2021-05-26 12:06:52 +02:00
ras RAS/CEC: Correct ce_add_elem()'s returned values 2021-04-14 08:42:12 +02:00
regulator regulator: bd9576: Fix return from bd957x_probe() 2021-05-14 09:50:10 +02:00
remoteproc remoteproc: qcom_q6v5_mss: Validate p_filesz in ELF loader 2021-05-19 10:13:01 +02:00
reset
rpmsg rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() 2021-05-19 10:13:02 +02:00
rtc rtc: pcf85063: fallback to parent of_node 2021-05-26 12:06:57 +02:00
s390 s390/zcrypt: fix zcard and zqueue hot-unplug memleak 2021-05-11 14:47:11 +02:00
sbus
scsi scsi: ufs: handle cleanup correctly on devm_reset_control_get error 2021-05-26 12:06:56 +02:00
sfi
sh
siox
slimbus
soc soc: aspeed: fix a ternary sign expansion bug 2021-05-14 09:50:21 +02:00
soundwire soundwire: stream: fix memory leak in stream config error path 2021-05-14 09:50:14 +02:00
spi spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails 2021-05-14 09:50:20 +02:00
spmi spmi: spmi-pmic-arb: Fix hw_irq overflow 2021-03-04 11:38:40 +01:00
ssb
staging media: rkvdec: Remove of_match_ptr() 2021-05-19 10:13:19 +02:00
target scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found 2021-05-22 11:40:54 +02:00
tc
tee tee: amdtee: unload TA only when its refcount becomes 0 2021-05-26 12:06:47 +02:00
thermal thermal/drivers/tsens: Fix missing put_device error 2021-05-19 10:13:03 +02:00
thunderbolt thunderbolt: Fix off by one in tb_port_find_retimer() 2021-04-14 08:42:03 +02:00
tty tty: vt: always invoke vc->vc_sw->con_resize callback 2021-05-26 12:06:56 +02:00
uio uio_hv_generic: Fix a memory leak in error handling paths 2021-05-26 12:06:52 +02:00
usb usb: sl811-hcd: improve misleading indentation 2021-05-22 11:40:51 +02:00
vdpa vdpa/mlx5: Set err = -ENOMEM in case dma_map_sg_attrs fails 2021-04-28 13:39:59 +02:00
vfio vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer 2021-05-14 09:50:26 +02:00
vhost vhost-vdpa: fix vm_flags for virtqueue doorbell mapping 2021-05-11 14:47:12 +02:00
video video: hgafb: correctly handle card detect failure during probe 2021-05-26 12:06:57 +02:00
virt nitro_enclaves: Fix stale file descriptors on failed usercopy 2021-05-11 14:47:11 +02:00
virtio
visorbus
vlynq
vme
w1 w1: w1_therm: Fix conversion result for negative temperatures 2021-03-04 11:37:18 +01:00
watchdog watchdog: mei_wdt: request stop on unregister 2021-03-04 11:38:36 +01:00
xen xen-pciback: reconfigure also from backend watch handler 2021-05-26 12:06:54 +02:00
zorro
Kconfig
Makefile