2024-07-16 11:43:49
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skbs Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. In the Tx case we then leak the skb structure. Free the skb structure upon error before returning when appropriate. As the is_tx = 0 cannot be moved in the complete handler because of a possible race between the delay in switching to STATE_RX_AACK_ON and a new interrupt, we introduce an intermediate was_tx boolean just for this purpose. There is no Fixes tag applying here, many changes have been made on this area and the issue kind of always existed.