[PATCH 0/2][SRU][D] CVE-2019-3846/CVE-2019-10126: Marvell WiFi-Ex memory corruption

Tyler Hicks tyhicks at canonical.com
Wed Jul 10 01:25:31 UTC 2019

A flaw that allowed an attacker to corrupt memory and possibly escalate
privileges was found in the mwifiex kernel module while connecting to a
malicious wireless network.

 - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3846

A flaw was found in the Linux kernel. A heap based buffer overflow in
mwifiex_uap_parse_tail_ies function in
drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory
corruption and possibly other consequences.

 - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-10126

Both patches are clean cherry picks. Build logs show no related compiler
warnings. I am unable to test the Marvell WiFi-Ex driver.


Takashi Iwai (2):
  mwifiex: Fix possible buffer overflows at parsing bss descriptor
  mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()

 drivers/net/wireless/marvell/mwifiex/ie.c   | 47 +++++++++++++++++++----------
 drivers/net/wireless/marvell/mwifiex/scan.c |  4 +++
 2 files changed, 35 insertions(+), 16 deletions(-)


More information about the kernel-team mailing list