Headline
CVE-2021-43976: mwifiex_usb: Fix skb_over_panic in mwifiex_usb_recv
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
Message ID
State
New
Delegated to:
Kalle Valo
Headers
show
Series
mwifiex_usb: Fix skb_over_panic in mwifiex_usb_recv | expand
Commit Message****Comments
Patch
diff --git a/drivers/net/wireless/marvell/mwifiex/usb.c b/drivers/net/wireless/marvell/mwifiex/usb.c index 426e39d4c…6d81e8786 100644 — a/drivers/net/wireless/marvell/mwifiex/usb.c +++ b/drivers/net/wireless/marvell/mwifiex/usb.c @@ -130,7 +130,8 @@ static int mwifiex_usb_recv(struct mwifiex_adapter *adapter, default: mwifiex_dbg(adapter, ERROR, "unknown recv_type %#x\n", recv_type); - return -1;
ret = -1;
case MWIFIEX_USB_EP_DATA:goto exit\_restore\_skb; } break;