[PATCH 0/2][SRU][X] CVE-2019-3846/CVE-2019-10126: Marvell WiFi-Ex memory corruption
tyhicks at canonical.com
Wed Jul 10 01:26:02 UTC 2019
A flaw that allowed an attacker to corrupt memory and possibly escalate
privileges was found in the mwifiex kernel module while connecting to a
malicious wireless network.
A flaw was found in the Linux kernel. A heap based buffer overflow in
mwifiex_uap_parse_tail_ies function in
drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory
corruption and possibly other consequences.
Both patches are straightforward backports. Build logs show no related compiler
warnings. I am unable to test the Marvell WiFi-Ex driver.
Takashi Iwai (2):
mwifiex: Fix possible buffer overflows at parsing bss descriptor
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
drivers/net/wireless/mwifiex/ie.c | 45 ++++++++++++++++++++++++-------------
drivers/net/wireless/mwifiex/scan.c | 4 ++++
2 files changed, 34 insertions(+), 15 deletions(-)
More information about the kernel-team