APPLIED: [PATCH 0/2][SRU][B] CVE-2019-3846/CVE-2019-10126: Marvell WiFi-Ex memory corruption
Khaled Elmously
khalid.elmously at canonical.com
Fri Jul 12 06:39:43 UTC 2019
On 2019-07-10 01:25:47 , Tyler Hicks wrote:
> A flaw that allowed an attacker to corrupt memory and possibly escalate
> privileges was found in the mwifiex kernel module while connecting to a
> malicious wireless network.
>
> - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3846
>
> A flaw was found in the Linux kernel. A heap based buffer overflow in
> mwifiex_uap_parse_tail_ies function in
> drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory
> corruption and possibly other consequences.
>
> - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-10126
>
> One patch is a clean cherry pick and the other is a straightforward backport.
> Build logs show no related compiler warnings. I am unable to test the Marvell
> WiFi-Ex driver.
>
> Tyler
>
> Takashi Iwai (2):
> mwifiex: Fix possible buffer overflows at parsing bss descriptor
> mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
>
> drivers/net/wireless/marvell/mwifiex/ie.c | 45 +++++++++++++++++++----------
> drivers/net/wireless/marvell/mwifiex/scan.c | 4 +++
> 2 files changed, 34 insertions(+), 15 deletions(-)
>
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list