| Message ID | 20230327204618.42534-1-yuxuan.luo@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2023-23559 | expand |
On 3/27/23 2:46 PM, Yuxuan Luo wrote: > [Impact] > It is found that it is possible to bypass rndis_wlan's security checks through > a vulnerability when given a large enough integer due to integer overflow, > possessing a threat to rndis_wlan driver users devices' memory. > > [Backport] > It is a clean cherry-pick. > > [Test] > Compile and smoke tested by loading the module and checking the dmesg. > > [Potential Regression] > This patch is local to rndis_wlan driver. > > Szymon Heidrich (1): > wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid > > drivers/net/wireless/rndis_wlan.c | 19 ++++++------------- > 1 file changed, 6 insertions(+), 13 deletions(-) > Acked-by: Tim Gardner <tim.gardner@canonical.com>
On Mon, Mar 27, 2023 at 04:46:17PM -0400, Yuxuan Luo wrote: > [Impact] > It is found that it is possible to bypass rndis_wlan's security checks through > a vulnerability when given a large enough integer due to integer overflow, > possessing a threat to rndis_wlan driver users devices' memory. > > [Backport] > It is a clean cherry-pick. > > [Test] > Compile and smoke tested by loading the module and checking the dmesg. > > [Potential Regression] > This patch is local to rndis_wlan driver. > > Szymon Heidrich (1): > wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid > > drivers/net/wireless/rndis_wlan.c | 19 ++++++------------- > 1 file changed, 6 insertions(+), 13 deletions(-) > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team Applied to jammy:linux-oem-5.17 and jammy:linux-oem-6.0. Thank you!