NAK: [PATCH v2] CVE-2011-2517

Seth Forshee seth.forshee at canonical.com
Wed Oct 12 18:09:36 UTC 2011


On Wed, Oct 12, 2011 at 05:59:21PM +0100, Stefan Bader wrote:
> On 11.10.2011 17:01, Paolo Pisati wrote:
> > CVE-2011-2517:
> > 	Buffer overflow flaws in the Linux kernel's netlink-based wireless
> > 	configuration interface implementation could allow a local user,
> > 	who has the CAP_NET_ADMIN capability, to cause a denial of service
> > 	or escalate their privileges on systems that have an active wireless
> > 	interface.
> > 
> > The CVE advisory mentions two commits (208c72f4fe44fe09577e7975ba0e7fa0278f3d03
> > and 57a27e1d6a3bb9ad4efeebd3a8c71156d6207536) but the second one supersedes the
> > first one, so I picked and adapted that.
> > 
> > Following this email are 3 patches for lucid/master, lucid/fsl-imx51 and
> > another one for maverick/[master|ti-omap4], natty/[master|ti-omap4].
> > Lucid/[ec2|mvl-dove] and maverick/mvl-dove will get it after the next rebase.
> > 
> > Paolo Pisati (1):
> >    nl80211: fix overflow in ssid_len - CVE-2011-2517
> > 
> >  net/wireless/nl80211.c |    4 ++--
> >  1 files changed, 2 insertions(+), 2 deletions(-)
> > 
> 
> Somehow it looks to me that maybe that is missing a part of the second patch
> which makes modifications to nl80211_start_sched_scan. Generally I would stick
> with upstream patches even if they do fix themselves. That way it's harder to
> miss something and also it keeps the referencing saner.

I noticed the missing chunk too, but nl80211_start_sched_scan doesn't
exist in lucid/maverick (added for 3.0 in commit 807f8a8c). May still be
better to backport both patches however.



