ACK: [PATCH 0/2][SRU][D/C/B] CVE-2019-9500, CVE-2019-9503 - Multiple brcmfmac issues
Colin Ian King
colin.king at canonical.com
Thu Apr 18 08:50:30 UTC 2019
On 18/04/2019 08:18, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-9500
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-9503
>
> CVE-2019-9500: brcmfmac heap buffer overflow in brcmf_wowl_nd_results
> CVE-2019-9503: brcmfmac frame validation bypass
>
> Clean cherry-picks. Build logs are clean. I don't have hardware to test with so
> I've only been able to verify that the brcmfmac module loads.
>
> The fix for CVE-2019-9503 also needs to go back to Xenial but there are quite a
> few prerequisite patches needed before we can perform proper frame validation
> and I ran out of time for this SRU cycle.
>
> Tyler
>
> Arend van Spriel (2):
> brcmfmac: add subtype check for event handling in data path
> brcmfmac: assure SSID length from firmware is limited
>
> .../net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 ++
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 +++--
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h | 16 ++++++++++++----
> .../net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c | 2 +-
> 4 files changed, 18 insertions(+), 7 deletions(-)
>
Acked-by: Colin Ian King <colin.king at canonical.com>
More information about the kernel-team
mailing list