android_kernel_zuk_msm8996.git

diff options

author	Takashi Iwai <tiwai@suse.de>	2019-05-29 14:52:19 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-07-21 09:07:06 +0200
commit	5d43b417e60ab25984fc7c41175f3ce8cee992bd (patch)
tree	bfa535a8072f591ad5813f8fc059ba8f8e28cd91 /include/linux
parent	4546109c30a7a93b8c198e011e2e545c377e363b (diff)

mwifiex: Fix possible buffer overflows at parsing bss descriptor

[ Upstream commit 13ec7f10b87f5fc04c4ccbd491c94c7980236a74 ] mwifiex_update_bss_desc_with_ie() calls memcpy() unconditionally in a couple places without checking the destination size. Since the source is given from user-space, this may trigger a heap buffer overflow. Fix it by putting the length check before performing memcpy(). This fix addresses CVE-2019-3846. Reported-by: huangwen <huangwen@venustech.com.cn> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to 'include/linux')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: