DEBIAN-CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in freeirq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For this case, let's apply MT76REMOVED flag to indicate the device was removed and do not run into the resource access anymore. BUG: KASAN: use-after-free in mt7921irqhandler+0xd8/0x100 [mt7921e] Read of size 8 at addr ffff88824a7d3b78 by task rmmod/11115 CPU: 28 PID: 11115 Comm: rmmod Tainted: G W L 5.17.0 #10 Hardware name: Micro-Star International Co., Ltd. MS-7D73/MPG B650I EDGE WIFI (MS-7D73), BIOS 1.81 01/05/2024 Call Trace: <TASK> dumpstacklvl+0x6f/0xa0 printaddressdescription.constprop.0+0x1f/0x190 ? mt7921irqhandler+0xd8/0x100 [mt7921e] ? mt7921irqhandler+0xd8/0x100 [mt7921e] kasanreport.cold+0x7f/0x11b ? mt7921irqhandler+0xd8/0x100 [mt7921e] mt7921irqhandler+0xd8/0x100 [mt7921e] freeirq+0x627/0xaa0 devmfreeirq+0x94/0xd0 ? devmrequestanycontextirq+0x160/0x160 ? kobjectput+0x18d/0x4a0 mt7921pciremove+0x153/0x190 [mt7921e] pcideviceremove+0xa2/0x1d0 _devicereleasedriver+0x346/0x6e0 driverdetach+0x1ef/0x2c0 busremovedriver+0xe7/0x2d0 ? _checkobjectsize+0x57/0x310 pciunregisterdriver+0x26/0x250 _dosysdeletemodule+0x307/0x510 ? freemodule+0x6a0/0x6a0 ? fpregsassertstateconsistent+0x4b/0xb0 ? rcureadlockschedheld+0x10/0x70 ? syscallenterfromusermode+0x20/0x70 ? tracehardirqson+0x1c/0x130 dosyscall64+0x5c/0x80 ? tracehardirqsonprepare+0x72/0x160 ? dosyscall64+0x68/0x80 ? tracehardirqsonprepare+0x72/0x160 entrySYSCALL64afterhwframe+0x44/0xae