| Message ID | 1562721949-20337-1-git-send-email-tyhicks@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2019-3846/CVE-2019-10126: Marvell WiFi-Ex memory corruption | expand |
On 10.07.19 03:25, Tyler Hicks wrote: > A flaw that allowed an attacker to corrupt memory and possibly escalate > privileges was found in the mwifiex kernel module while connecting to a > malicious wireless network. > > - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3846 > > A flaw was found in the Linux kernel. A heap based buffer overflow in > mwifiex_uap_parse_tail_ies function in > drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory > corruption and possibly other consequences. > > - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-10126 > > One patch is a clean cherry pick and the other is a straightforward backport. > Build logs show no related compiler warnings. I am unable to test the Marvell > WiFi-Ex driver. > > Tyler > > Takashi Iwai (2): > mwifiex: Fix possible buffer overflows at parsing bss descriptor > mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() > > drivers/net/wireless/marvell/mwifiex/ie.c | 45 +++++++++++++++++++---------- > drivers/net/wireless/marvell/mwifiex/scan.c | 4 +++ > 2 files changed, 34 insertions(+), 15 deletions(-) > Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Thank you, Kleber
On 7/9/19 6:25 PM, Tyler Hicks wrote: > A flaw that allowed an attacker to corrupt memory and possibly escalate > privileges was found in the mwifiex kernel module while connecting to a > malicious wireless network. > > - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3846 > > A flaw was found in the Linux kernel. A heap based buffer overflow in > mwifiex_uap_parse_tail_ies function in > drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory > corruption and possibly other consequences. > > - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-10126 > > One patch is a clean cherry pick and the other is a straightforward backport. > Build logs show no related compiler warnings. I am unable to test the Marvell > WiFi-Ex driver. > > Tyler > > Takashi Iwai (2): > mwifiex: Fix possible buffer overflows at parsing bss descriptor > mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() > > drivers/net/wireless/marvell/mwifiex/ie.c | 45 +++++++++++++++++++---------- > drivers/net/wireless/marvell/mwifiex/scan.c | 4 +++ > 2 files changed, 34 insertions(+), 15 deletions(-) > Acked-by: Connor Kuehl <connor.kuehl@canonical.com>
On 2019-07-10 01:25:47 , Tyler Hicks wrote: > A flaw that allowed an attacker to corrupt memory and possibly escalate > privileges was found in the mwifiex kernel module while connecting to a > malicious wireless network. > > - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-3846 > > A flaw was found in the Linux kernel. A heap based buffer overflow in > mwifiex_uap_parse_tail_ies function in > drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory > corruption and possibly other consequences. > > - https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-10126 > > One patch is a clean cherry pick and the other is a straightforward backport. > Build logs show no related compiler warnings. I am unable to test the Marvell > WiFi-Ex driver. > > Tyler > > Takashi Iwai (2): > mwifiex: Fix possible buffer overflows at parsing bss descriptor > mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() > > drivers/net/wireless/marvell/mwifiex/ie.c | 45 +++++++++++++++++++---------- > drivers/net/wireless/marvell/mwifiex/scan.c | 4 +++ > 2 files changed, 34 insertions(+), 15 deletions(-) > > -- > 2.7.4 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team