[PATCH OLK-6.6] wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he

From: Ma Ke make24@iscas.ac.cn

stable inclusion from stable-v6.6.54 commit 8e4b60ae8a047ad2fb175fcfdd54feee80983a45 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYPJK CVE: CVE-2024-47681

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...

--------------------------------

commit f503ae90c7355e8506e68498fe84c1357894cd5b upstream.

Fix the NULL pointer dereference in mt7996_mcu_sta_bfer_he routine adding an sta interface to the mt7996 driver.

Found by code review.

Cc: stable@vger.kernel.org Fixes: 98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices") Signed-off-by: Ma Ke make24@iscas.ac.cn Link: https://patch.msgid.link/20240813081242.3991814-1-make24@iscas.ac.cn Signed-off-by: Felix Fietkau nbd@nbd.name Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: ZhangPeng zhangpeng362@huawei.com Signed-off-by: Zheng Yejian zhengyejian1@huawei.com --- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c index b66f712e1b17..531e948b0e3f 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c @@ -1303,6 +1303,9 @@ mt7996_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif, u8 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map); u8 snd_dim, sts;

+ if (!vc) + return; + bf->tx_mode = MT_PHY_TYPE_HE_SU;

mt7996_mcu_sta_sounding_rate(bf);