From patchwork Mon Mar 27 20:46:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yuxuan Luo X-Patchwork-Id: 1761973 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=W0oQlBYR; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PllGf2jkMz1yYp for ; Tue, 28 Mar 2023 07:46:34 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pgtjY-00070U-1s; Mon, 27 Mar 2023 20:46:28 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pgtjX-00070M-5o for kernel-team@lists.ubuntu.com; Mon, 27 Mar 2023 20:46:27 +0000 Received: from mail-qv1-f70.google.com (mail-qv1-f70.google.com [209.85.219.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 95D573F191 for ; Mon, 27 Mar 2023 20:46:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1679949986; bh=3mGesA0o+t4kaFGG/aK6tbzVohCF49pqJeAzOPPV7uM=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=W0oQlBYRqxuDWKPYk5cSTaoW/PGmh9baR8C/lK4UUUQwHkHXMjdbfON0G7095aO4a CUOxbe1yOeskZ5+ItWo8H9TQEDArROc4N3zXNr0kVE7dVTH9t53h06as4iPr/2rxhl MgYXQz5eIYWZod82Lo2TGuxwEtUqF6Kj11sI1+6avk9pkUGk3SkQdJIv+3jKK1CrtA LSFXJWS4vpY6KmnO4lDunDAmZ75f/PgsTD7tITxpYFAVUa4cWNNDfg4SXQAnQ5HN2D dWwpVal23ERfKgXQ24Dqv+NyJmVcR2aAnQ985TxN7RhGh/GLUzq616M6fg4JQd/4gd bPMICjueNZOww== Received: by mail-qv1-f70.google.com with SMTP id m3-20020a0cbf03000000b005de7233ca79so2003453qvi.3 for ; Mon, 27 Mar 2023 13:46:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679949985; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=3mGesA0o+t4kaFGG/aK6tbzVohCF49pqJeAzOPPV7uM=; b=Oe9qtVBBWBWn0e4htJZuSbkb7VB7bTvhqxoQofqKC5urcPl8Vw05iJuwlKauzvPgTX zrwxz4kG8V8eZv9h4a/hdRBUXXE5RSEYpJm5I5EINvy5QrZGtqcL60MrBOEP6ItKESTw XU3wHOU/K2xn0fjU+FUleFzSJRKbMhP+qi/Arma0QHm8fnwj3XNJpGieplmYHJPLYxNi KHR3O1OCKGMZPs+EHvQz9x6zhMtFZ53GUf+/H3YE/paxbyp4fvKuwdmwWkTdPhOPIxVK B7fRsCsLdg8T6QjDfAydWaooLl9gISbCFUruaaJwIz8I/tyBEIggiSHMJfGoIIwaoi2U zfzA== X-Gm-Message-State: AAQBX9dx+SdEBnCqrbIJwIHW0Pz1mEr0koSr3XNLeiYu4R1r4F8+qKkM Qx3vzg4Pi2R1esNeWEbK9E41wE+9SH5olzPUBYwwV7dwyu2jnqlVHyF2WsfujG+Rr3v2kB2DoN+ 51OiRf+H3IH0ElVwUupfTBbx/DB70DYcHJbEawmUYjPDImRGZow== X-Received: by 2002:a05:6214:2604:b0:5ab:e259:b2a9 with SMTP id gu4-20020a056214260400b005abe259b2a9mr25060645qvb.14.1679949985172; Mon, 27 Mar 2023 13:46:25 -0700 (PDT) X-Google-Smtp-Source: AKy350aseQo0MLLLnCVefKw46Q4cd0AyJktBU99YivUy0UaVA6r9Nvq0FEbBW3NQ1FwtOphkxGMlWA== X-Received: by 2002:a05:6214:2604:b0:5ab:e259:b2a9 with SMTP id gu4-20020a056214260400b005abe259b2a9mr25060608qvb.14.1679949984818; Mon, 27 Mar 2023 13:46:24 -0700 (PDT) Received: from cache-ubuntu.hsd1.nj.comcast.net ([2601:86:200:98b0:a100:1ed3:92dd:f347]) by smtp.gmail.com with ESMTPSA id oj16-20020a056214441000b005dd8b9345c1sm3245696qvb.89.2023.03.27.13.46.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 Mar 2023 13:46:24 -0700 (PDT) From: Yuxuan Luo To: kernel-team@lists.ubuntu.com Subject: [SRU][OEM-5.17/OEM-6.0][PATCH 0/1] CVE-2023-23559 Date: Mon, 27 Mar 2023 16:46:17 -0400 Message-Id: <20230327204618.42534-1-yuxuan.luo@canonical.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" [Impact] It is found that it is possible to bypass rndis_wlan's security checks through a vulnerability when given a large enough integer due to integer overflow, possessing a threat to rndis_wlan driver users devices' memory. [Backport] It is a clean cherry-pick. [Test] Compile and smoke tested by loading the module and checking the dmesg. [Potential Regression] This patch is local to rndis_wlan driver. Szymon Heidrich (1): wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid drivers/net/wireless/rndis_wlan.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) Acked-by: Tim Gardner