Headline
CVE-2020-36158: [1/1] mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.
Message ID
[email protected] (mailing list archive)
State
Accepted
Commit
5c455c5ab332773464d02ba17015acdca198f03d
Delegated to:
Kalle Valo
Headers
show
Series
[1/1] mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start | expand
Commit Message****Comments
Patch
diff --git a/drivers/net/wireless/marvell/mwifiex/join.c b/drivers/net/wireless/marvell/mwifiex/join.c index 5934f7147…173ccf79c 100644 — a/drivers/net/wireless/marvell/mwifiex/join.c +++ b/drivers/net/wireless/marvell/mwifiex/join.c @@ -877,6 +877,8 @@ mwifiex_cmd_802_11_ad_hoc_start(struct mwifiex_private *priv,
memset(adhoc\_start->ssid, 0, IEEE80211\_MAX\_SSID\_LEN);
if (req_ssid->ssid_len > IEEE80211_MAX_SSID_LEN)
req\_ssid->ssid\_len = IEEE80211\_MAX\_SSID\_LEN;
memcpy(adhoc_start->ssid, req_ssid->ssid, req_ssid->ssid_len);
mwifiex_dbg(adapter, INFO, "info: ADHOC_S_CMD: SSID = %s\n",
Related news
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-14615: kernel: Intel graphics card information leak. * CVE-2020-0427: kernel: out-of-bounds reads in pinctrl subsystem. * CVE-2020-24502: kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers * CVE-2020-24503: kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers * CVE-2020-24504: kernel: Uncontroll...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-14615: kernel: Intel graphics card information leak. * CVE-2020-0427: kernel: out-of-bounds reads in pinctrl subsystem. * CVE-2020-24502: kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers * CVE-2020-24503: kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers * CVE-2020-24504: kernel: Uncontr...