[SRU][B/F/J/K][PATCH 0/1] CVE-2023-23559
Yuxuan Luo
yuxuan.luo at canonical.com
Wed Feb 1 00:15:13 UTC 2023
[Impact]
It is found that it is possible to bypass rndis_wlan's security checks through
a vulnerability when given a large enough integer due to integer overflow,
possessing a threat to rndis_wlan driver users devices' memory.
[Backport]
It is a clean cherry-pick.
[Test]
Compile and smoke tested by loading the module and checking the dmesg.
[Potential Regression]
This patch is local to rndis_wlan driver.
Szymon Heidrich (1):
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
drivers/net/wireless/rndis_wlan.c | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list