Skip to content

[ciqlts9_6] wifi: brcmfmac: validate bsscfg indices in IF events#1352

Open
ciq-kernel-automation[bot] wants to merge 1 commit into
ciqlts9_6from
{ciq_kernel_automation}_ciqlts9_6
Open

[ciqlts9_6] wifi: brcmfmac: validate bsscfg indices in IF events#1352
ciq-kernel-automation[bot] wants to merge 1 commit into
ciqlts9_6from
{ciq_kernel_automation}_ciqlts9_6

Conversation

@ciq-kernel-automation

@ciq-kernel-automation ciq-kernel-automation Bot commented Jun 17, 2026

Copy link
Copy Markdown

Summary

This PR has been automatically created after successful completion of all CI stages.

Commit Message(s)

wifi: brcmfmac: validate bsscfg indices in IF events

jira VULN-185622
cve CVE-2026-43110
commit-author Pengpeng Hou <pengpeng@iscas.ac.cn>
commit 304950a467d83678bd0b0f46331882e2ac23b12d

Test Results

✅ Build Stage

Architecture Build Time Total Time
x86_64 31m 4s 32m 0s
aarch64 18m 51s 19m 39s

✅ Boot Verification

✅ Kernel Selftests

Architecture Passed Failed Compared Against Status
x86_64 206 43 ciqlts9_6 ✅ No regressions
aarch64 154 45 ciqlts9_6 ✅ No regressions

✅ LTP Results

Architecture Passed Failed Compared Against Status
x86_64 1453 82 ciqlts9_6 ✅ No regressions
aarch64 1426 83 ciqlts9_6 ✅ No regressions

x86_64 newly passing:

  • futex_wake02 (FAIL -> PASS)

🤖 This PR was automatically generated by GitHub Actions
Run ID: 27675866563

wifi: brcmfmac: validate bsscfg indices in IF events
57a73bf 
jira VULN-185622
cve CVE-2026-43110
commit-author Pengpeng Hou <pengpeng@iscas.ac.cn>
commit 304950a

brcmf_fweh_handle_if_event() validates the firmware-provided interface
index before it touches drvr->iflist[], but it still uses the raw
bsscfgidx field as an array index without a matching range check.

Reject IF events whose bsscfg index does not fit in drvr->iflist[]
before indexing the interface array.

	Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
	Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Link: https://patch.msgid.link/20260323074551.93530-1-pengpeng@iscas.ac.cn
[add missing wifi prefix]
	Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 304950a)
	Signed-off-by: CIQ Kernel Automation <ciq_kernel_automation@ciq.com>
@ciq-kernel-automation ciq-kernel-automation Bot added the created-by-kernelci Tag PRs that were automatically created when a user branch was pushed to the repo (kernelCI) label Jun 17, 2026
@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown

🤖 Validation Checks In Progress Workflow run: https://github.com/ctrliq/kernel-src-tree/actions/runs/27689287061

@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown

Validation checks completed successfully View full results: https://github.com/ctrliq/kernel-src-tree/actions/runs/27689287061

@roxanan1996 roxanan1996 requested a review from a team June 17, 2026 14:07
bmastbergen
bmastbergen approved these changes Jun 17, 2026
View reviewed changes

@bmastbergen bmastbergen left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🥌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@roxanan1996 roxanan1996 roxanan1996 approved these changes

@bmastbergen bmastbergen bmastbergen approved these changes

Assignees

No one assigned

Labels

created-by-kernelci Tag PRs that were automatically created when a user branch was pushed to the repo (kernelCI)

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@roxanan1996 @bmastbergen