APPLIED Re: [OEM-5.14/5.17/6.0][PATCH] CVE-2022-47520
Timo Aaltonen
tjaalton at ubuntu.com
Thu Feb 9 07:08:05 UTC 2023
Yuxuan Luo kirjoitti 8.2.2023 klo 23.27:
> [Impact]
> There exists an unchecked index in the wilc1000 driver that could trigger an
> out-of-bound read vulnerability, damaging system's integrity and
> confidentiality for microchip wilc1000 users.
>
> [Backport]
> It is a clean cherry for these three OEMs.
>
> [Test]
> Due to lack of hardware, all the patches were only compile tested.
>
> [Potential Regression]
> The scope of regression is limited to wilc1000/hif.c (or wilc1000/wilc_hif.c
> before the refactoring), affected users are wilc1000 users.
>
> Phil Turnbull (1):
> wifi: wilc1000: validate pairwise and authentication suite offsets
>
> drivers/net/wireless/microchip/wilc1000/hif.c | 21 ++++++++++++++-----
> 1 file changed, 16 insertions(+), 5 deletions(-)
>
applied to all three, thanks
--
t
More information about the kernel-team
mailing list