APPLIED[D]: [PATCH 0/2][SRU][D/C/B] CVE-2019-9500, CVE-2019-9503 - Multiple brcmfmac issues
kleber.souza at canonical.com
Tue Apr 23 15:25:51 UTC 2019
On 4/18/19 9:18 AM, Tyler Hicks wrote:
> CVE-2019-9500: brcmfmac heap buffer overflow in brcmf_wowl_nd_results
> CVE-2019-9503: brcmfmac frame validation bypass
> Clean cherry-picks. Build logs are clean. I don't have hardware to test with so
> I've only been able to verify that the brcmfmac module loads.
> The fix for CVE-2019-9503 also needs to go back to Xenial but there are quite a
> few prerequisite patches needed before we can perform proper frame validation
> and I ran out of time for this SRU cycle.
> Arend van Spriel (2):
> brcmfmac: add subtype check for event handling in data path
> brcmfmac: assure SSID length from firmware is limited
> .../net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 2 ++
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 5 +++--
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h | 16 ++++++++++++----
> .../net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c | 2 +-
> 4 files changed, 18 insertions(+), 7 deletions(-)
Applied to disco/master-next branch.
More information about the kernel-team