mbox series

[0/1,v2,SRU,focal/linux-oem-5.6] CVE-2020-36158

Message ID 20210302175029.5217-1-tim.gardner@canonical.com
Headers show
Series CVE-2020-36158 | expand

Message

Tim Gardner March 2, 2021, 5:50 p.m. UTC 
[Impact]
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c
in the Linux kernel through 5.10.4 might allow remote attackers to execute
arbitrary code via a long SSID value, aka CID-5c455c5ab332.

[Test Case]
None

[Potential regression]
Clean upstream cherry-pick, released in linux-4.14.y, linux-4.19.y,
linux-4.4.y, linux-4.9.y, linux-5.10.y, linux-5.4.y.txt

Comments

Tim Gardner March 19, 2021, 4:39 p.m. UTC | #1 
Applied to focal/linux-oem-5.6-next. Thanks.

-Stefan

On 3/2/21 10:50 AM, Tim Gardner wrote:
> [Impact]
> mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c
> in the Linux kernel through 5.10.4 might allow remote attackers to execute
> arbitrary code via a long SSID value, aka CID-5c455c5ab332.
> 
> [Test Case]
> None
> 
> [Potential regression]
> Clean upstream cherry-pick, released in linux-4.14.y, linux-4.19.y,
> linux-4.4.y, linux-4.9.y, linux-5.10.y, linux-5.4.y.txt
>