blob: ddeeb10f7b9c2a017454c1fcd4cd5e0cc6c5175d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Description: Heap Overflow in mwifiex_set_wmm_params() function
References:
https://www.openwall.com/lists/oss-security/2019/08/28/1
https://lore.kernel.org/linux-wireless/20190828020751.13625-1-huangwenabc@gmail.com/
Notes:
bwh> Introduced in 4.10 by commit 113630b581d6 "mwifiex: vendor_ie length
bwh> check for parse WMM IEs".
carnil> The bounds-check in mwifiex_set_wmm_paramsare still applied as
carnil> well in older versions e.g. 4.9.194. Put the state again in
carnil> needed for 4.9-stretch-security but just to recheck if this is
carnil> really not needed to track for CVE-2019-14815.
Bugs:
upstream: released (5.3) [7caac62ed598a196d6ddf8d9c121e12e082cac3a]
4.19-upstream-stable: released (4.19.75) [941431c491a68e0428bdfb46bbe4cbc52f7bfabb]
4.9-upstream-stable: released (4.9.194) [21dfacaf201ed13af70a8bd3e66bcf18cdb63b35]
3.16-upstream-stable: N/A "Vulnerability introduced later"
sid: released (5.2.17-1)
4.19-buster-security: released (4.19.87-1)
4.9-stretch-security: released (4.9.210-1)
3.16-jessie-security: N/A "Vulnerability introduced later"
|