ACK: [OEM-5.14/5.17/6.0][PATCH] CVE-2022-47520
Tim Gardner
tim.gardner at canonical.com
Thu Feb 9 02:29:31 UTC 2023
On 2/8/23 14:27, Yuxuan Luo wrote:
> [Impact]
> There exists an unchecked index in the wilc1000 driver that could trigger an
> out-of-bound read vulnerability, damaging system's integrity and
> confidentiality for microchip wilc1000 users.
>
> [Backport]
> It is a clean cherry for these three OEMs.
>
> [Test]
> Due to lack of hardware, all the patches were only compile tested.
>
> [Potential Regression]
> The scope of regression is limited to wilc1000/hif.c (or wilc1000/wilc_hif.c
> before the refactoring), affected users are wilc1000 users.
>
> Phil Turnbull (1):
> wifi: wilc1000: validate pairwise and authentication suite offsets
>
> drivers/net/wireless/microchip/wilc1000/hif.c | 21 ++++++++++++++-----
> 1 file changed, 16 insertions(+), 5 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list