APPLIED[D]: [PATCH 0/2][SRU][D/C/B] CVE-2019-9500, CVE-2019-9503 - Multiple brcmfmac issues

[Kleber Souza]

On 4/18/19 9:18 AM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-9500
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-9503
> 
> CVE-2019-9500: brcmfmac heap buffer overflow in brcmf_wowl_nd_results
> CVE-2019-9503: brcmfmac frame validation bypass
> 
> Clean cherry-picks. Build logs are clean. I don't have hardware to test with so
> I've only been able to verify that the brcmfmac module loads.
> 
> The fix for CVE-2019-9503 also needs to go back to Xenial but there are quite a
> few prerequisite patches needed before we can perform proper frame validation
> and I ran out of time for this SRU cycle.
> 
> Tyler
> 
> Arend van Spriel (2):
>   brcmfmac: add subtype check for event handling in data path
>   brcmfmac: assure SSID length from firmware is limited
> 
>  .../net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c  |  2 ++
>  drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c  |  5 +++--
>  drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.h  | 16 ++++++++++++----
>  .../net/wireless/broadcom/brcm80211/brcmfmac/msgbuf.c    |  2 +-
>  4 files changed, 18 insertions(+), 7 deletions(-)
> 

Applied to disco/master-next branch.

Thanks,
Kleber