[PATCH 0/2][SRU][D/C/B] CVE-2019-9500, CVE-2019-9503 - Multiple brcmfmac issues
Tyler Hicks
tyhicks at canonical.com
Thu Apr 18 07:18:20 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-9500
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-9503
CVE-2019-9500: brcmfmac heap buffer overflow in brcmf_wowl_nd_results
CVE-2019-9503: brcmfmac frame validation bypass
Clean cherry-picks. Build logs are clean. I don't have hardware to test with so
I've only been able to verify that the brcmfmac module loads.
The fix for CVE-2019-9503 also needs to go back to Xenial but there are quite a
few prerequisite patches needed before we can perform proper frame validation
and I ran out of time for this SRU cycle.
Tyler
Arend van Spriel (2):
brcmfmac: add subtype check for event handling in data path
brcmfmac: assure SSID length from firmware is limited
.../net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 ++
drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 +++--
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h | 16 ++++++++++++----
.../net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c | 2 +-
4 files changed, 18 insertions(+), 7 deletions(-)
--
2.7.4
More information about the kernel-team
mailing list