Message ID | 20230201001514.30995-1-yuxuan.luo@canonical.com |
---|---|
Headers | show |
Series | CVE-2023-23559 | expand |
On 1/31/23 5:15 PM, Yuxuan Luo wrote: > [Impact] > It is found that it is possible to bypass rndis_wlan's security checks through > a vulnerability when given a large enough integer due to integer overflow, > possessing a threat to rndis_wlan driver users devices' memory. > > [Backport] > It is a clean cherry-pick. > > [Test] > Compile and smoke tested by loading the module and checking the dmesg. > > [Potential Regression] > This patch is local to rndis_wlan driver. > > Szymon Heidrich (1): > wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid > > drivers/net/wireless/rndis_wlan.c | 19 ++++++------------- > 1 file changed, 6 insertions(+), 13 deletions(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Jacob Martin <jacob.martin@canonical.com> On 1/31/23 6:15 PM, Yuxuan Luo wrote: > [Impact] > It is found that it is possible to bypass rndis_wlan's security checks through > a vulnerability when given a large enough integer due to integer overflow, > possessing a threat to rndis_wlan driver users devices' memory. > > [Backport] > It is a clean cherry-pick. > > [Test] > Compile and smoke tested by loading the module and checking the dmesg. > > [Potential Regression] > This patch is local to rndis_wlan driver. > > Szymon Heidrich (1): > wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid > > drivers/net/wireless/rndis_wlan.c | 19 ++++++------------- > 1 file changed, 6 insertions(+), 13 deletions(-) >
On 01.02.23 01:15, Yuxuan Luo wrote: > [Impact] > It is found that it is possible to bypass rndis_wlan's security checks through > a vulnerability when given a large enough integer due to integer overflow, > possessing a threat to rndis_wlan driver users devices' memory. > > [Backport] > It is a clean cherry-pick. > > [Test] > Compile and smoke tested by loading the module and checking the dmesg. > > [Potential Regression] > This patch is local to rndis_wlan driver. > > Szymon Heidrich (1): > wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid > > drivers/net/wireless/rndis_wlan.c | 19 ++++++------------- > 1 file changed, 6 insertions(+), 13 deletions(-) > Applied to jammy,focal:linux/master-next. Thanks. -Stefan
On 10.02.23 15:36, Stefan Bader wrote: > On 01.02.23 01:15, Yuxuan Luo wrote: >> [Impact] >> It is found that it is possible to bypass rndis_wlan's security checks >> through >> a vulnerability when given a large enough integer due to integer >> overflow, >> possessing a threat to rndis_wlan driver users devices' memory. >> >> [Backport] >> It is a clean cherry-pick. >> >> [Test] >> Compile and smoke tested by loading the module and checking the dmesg. >> >> [Potential Regression] >> This patch is local to rndis_wlan driver. >> >> Szymon Heidrich (1): >> wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid >> >> drivers/net/wireless/rndis_wlan.c | 19 ++++++------------- >> 1 file changed, 6 insertions(+), 13 deletions(-) >> > > Applied to jammy,focal:linux/master-next. Thanks. > > -Stefan > > Forgot to update the subject. I only applied to J/F.
Applied to bionic and kinetic linux master-next Thanks, - Luke On Tue, Jan 31, 2023 at 4:15 PM Yuxuan Luo <yuxuan.luo@canonical.com> wrote: > [Impact] > It is found that it is possible to bypass rndis_wlan's security checks > through > a vulnerability when given a large enough integer due to integer overflow, > possessing a threat to rndis_wlan driver users devices' memory. > > [Backport] > It is a clean cherry-pick. > > [Test] > Compile and smoke tested by loading the module and checking the dmesg. > > [Potential Regression] > This patch is local to rndis_wlan driver. > > Szymon Heidrich (1): > wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid > > drivers/net/wireless/rndis_wlan.c | 19 ++++++------------- > 1 file changed, 6 insertions(+), 13 deletions(-) > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team >