AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-28 11:18:45 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
fb3c06cfda
linux_dsm_epyc7002/drivers/net/wireless/marvell
History
Wen Huang e5e884b426 libertas: Fix two buffer overflows at parsing bss descriptor 
add_ie_rates() copys rates without checking the length
in bss descriptor from remote AP.when victim connects to
remote attacker, this may trigger buffer overflow.
lbs_ibss_join_existing() copys rates without checking the length
in bss descriptor from remote IBSS node.when victim connects to
remote attacker, this may trigger buffer overflow.
Fix them by putting the length check before performing copy.

This fix addresses CVE-2019-14896 and CVE-2019-14897.
This also fix build warning of mixed declarations and code.

Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Wen Huang <huangwenabc@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-12-18 20:52:14 +02:00
..
libertas libertas: Fix two buffer overflows at parsing bss descriptor 2019-12-18 20:52:14 +02:00
libertas_tf libertas_tf: Use correct channel range in lbtf_geo_init 2019-07-24 14:53:40 +03:00
mwifiex wireless-drivers fixes for v5.5 2019-12-17 14:27:35 -08:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
mwl8k.c mac80211: simplify TX aggregation start 2019-10-04 13:58:13 +02:00