[ciqlts8 6] CVE-2023-53226#775
Merged
Merged
Conversation
jira VULN-154521 cve CVE-2023-53226 commit-author Polaris Pi <pinkperfect2021@gmail.com> commit 1195852 Make sure mwifiex_process_mgmt_packet, mwifiex_process_sta_rx_packet and mwifiex_process_uap_rx_packet, mwifiex_uap_queue_bridged_pkt and mwifiex_process_rx_packet not out-of-bounds access the skb->data buffer. Fixes: 2dbaf75 ("mwifiex: report received management frames to cfg80211") Signed-off-by: Polaris Pi <pinkperfect2021@gmail.com> Reviewed-by: Matthew Wang <matthewmwang@chromium.org> Reviewed-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230723070741.1544662-1-pinkperfect2021@gmail.com (cherry picked from commit 1195852) Signed-off-by: Roxana Nicolescu <rnicolescu@ciq.com>
jira VULN-154521 cve-bf CVE-2023-53226 commit-author Polaris Pi <pinkperfect2021@gmail.com> commit 2785851 Add missed return in mwifiex_uap_queue_bridged_pkt() and mwifiex_process_rx_packet(). Fixes: 1195852 ("wifi: mwifiex: Fix OOB and integer underflow when rx packets") Signed-off-by: Polaris Pi <pinkperfect2021@gmail.com> Reported-by: Dmitry Antipov <dmantipov@yandex.ru> Acked-by: Brian Norris <briannorris@chromium.org> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230810083911.3725248-1-pinkperfect2021@gmail.com (cherry picked from commit 2785851) Signed-off-by: Roxana Nicolescu <rnicolescu@ciq.com>
jira VULN-169541 cve CVE-2023-52525 commit-author Pin-yen Lin <treapking@chromium.org> commit aef7a03 Only skip the code path trying to access the rfc1042 headers when the buffer is too small, so the driver can still process packets without rfc1042 headers. Fixes: 1195852 ("wifi: mwifiex: Fix OOB and integer underflow when rx packets") Signed-off-by: Pin-yen Lin <treapking@chromium.org> Acked-by: Brian Norris <briannorris@chromium.org> Reviewed-by: Matthew Wang <matthewmwang@chromium.org> Signed-off-by: Kalle Valo <kvalo@kernel.org> Link: https://lore.kernel.org/r/20230908104308.1546501-1-treapking@chromium.org (cherry picked from commit aef7a03) Signed-off-by: Roxana Nicolescu <rnicolescu@ciq.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
DESCRIPTION
Commit "wifi: mwifiex: Fix OOB and integer underflow when rx packets" is the CVE fix.
The other two are bf.
Commit "wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet" turned out to be a CVE too.
COMMITS
TESTING
BUILD
Kselftests
Check_kernel_commits
Run interdiff
Run jira_pr_check