ACK: [PATCH 0/2][SRU][D/C/B] CVE-2019-9500, CVE-2019-9503 - Multiple brcmfmac issues

Stefan Bader stefan.bader at canonical.com
Thu Apr 18 08:21:59 UTC 2019


On 18.04.19 09:18, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-9500
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-9503
> 
> CVE-2019-9500: brcmfmac heap buffer overflow in brcmf_wowl_nd_results
> CVE-2019-9503: brcmfmac frame validation bypass
> 
> Clean cherry-picks. Build logs are clean. I don't have hardware to test with so
> I've only been able to verify that the brcmfmac module loads.
> 
> The fix for CVE-2019-9503 also needs to go back to Xenial but there are quite a
> few prerequisite patches needed before we can perform proper frame validation
> and I ran out of time for this SRU cycle.
> 
> Tyler
> 
> Arend van Spriel (2):
>   brcmfmac: add subtype check for event handling in data path
>   brcmfmac: assure SSID length from firmware is limited
> 
>  .../net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c  |  2 ++
>  drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c  |  5 +++--
>  drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h  | 16 ++++++++++++----
>  .../net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c    |  2 +-
>  4 files changed, 18 insertions(+), 7 deletions(-)
> 
Acked-by: Stefan Bader <stefan.bader at canonical.com>
