ACK: [PATCH 0/2][SRU][D] CVE-2019-3846/CVE-2019-10126: Marvell WiFi-Ex memory corruption

Kleber Souza kleber.souza at canonical.com
Wed Jul 10 14:56:39 UTC 2019


On 10.07.19 03:25, Tyler Hicks wrote:
> A flaw that allowed an attacker to corrupt memory and possibly escalate
> privileges was found in the mwifiex kernel module while connecting to a
> malicious wireless network.
> 
>  - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3846
> 
> A flaw was found in the Linux kernel. A heap based buffer overflow in
> mwifiex_uap_parse_tail_ies function in
> drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory
> corruption and possibly other consequences.
> 
>  - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-10126
> 
> Both patches are clean cherry picks. Build logs show no related compiler
> warnings. I am unable to test the Marvell WiFi-Ex driver.
> 
> Tyler
> 
> Takashi Iwai (2):
>   mwifiex: Fix possible buffer overflows at parsing bss descriptor
>   mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
> 
>  drivers/net/wireless/marvell/mwifiex/ie.c   | 47 +++++++++++++++++++----------
>  drivers/net/wireless/marvell/mwifiex/scan.c |  4 +++
>  2 files changed, 35 insertions(+), 16 deletions(-)
> 

Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>

Thank you,
Kleber



More information about the kernel-team mailing list