In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb’s Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. In the Tx case we then leak the skb structure. Free the skb structure upon error before returning when appropriate. As the ‘is_tx = 0’ cannot be moved in the complete handler because of a possible race between the delay in switching to STATE_RX_AACK_ON and a new interrupt, we introduce an intermediate ‘was_tx’ boolean just for this purpose. There is no Fixes tag applying here, many changes have been made on this area and the issue kind of always existed.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | linux | < 5.16.11-1 | linux_5.16.11-1_all.deb |
Debian | 11 | all | linux | < 5.10.103-1 | linux_5.10.103-1_all.deb |
Debian | 999 | all | linux | < 5.16.11-1 | linux_5.16.11-1_all.deb |
Debian | 13 | all | linux | < 5.16.11-1 | linux_5.16.11-1_all.deb |