[PATCH 0/2][SRU][B] CVE-2019-3846/CVE-2019-10126: Marvell WiFi-Ex memory corruption
tyhicks at canonical.com
Wed Jul 10 01:25:47 UTC 2019
A flaw that allowed an attacker to corrupt memory and possibly escalate
privileges was found in the mwifiex kernel module while connecting to a
malicious wireless network.
A flaw was found in the Linux kernel. A heap based buffer overflow in
mwifiex_uap_parse_tail_ies function in
drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory
corruption and possibly other consequences.
One patch is a clean cherry pick and the other is a straightforward backport.
Build logs show no related compiler warnings. I am unable to test the Marvell
Takashi Iwai (2):
mwifiex: Fix possible buffer overflows at parsing bss descriptor
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
drivers/net/wireless/marvell/mwifiex/ie.c | 45 +++++++++++++++++++----------
drivers/net/wireless/marvell/mwifiex/scan.c | 4 +++
2 files changed, 34 insertions(+), 15 deletions(-)
More information about the kernel-team