Mark wilc1000 issues as needed for 4.19

author: Ben Hutchings <ben@decadent.org.uk> 2022-12-20 15:56:28 +0100
committer: Ben Hutchings <ben@decadent.org.uk> 2022-12-20 15:56:28 +0100
commit: f7ba59209c2ad16e6ca69838e20e116f02f04599 (patch)
tree: 1690cb7c80810f9d7b8bd982f29a10ffa4e86684 /active/CVE-2022-47520
parent: e4404030cdfabb2359e9930df5d762c36d11bb84 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/active/CVE-2022-47520 b/active/CVE-2022-47520
index 572b34c6..41e5e57f 100644
--- a/active/CVE-2022-47520
+++ b/active/CVE-2022-47520
@@ -2,10 +2,15 @@ Description: wifi: wilc1000: validate pairwise and authentication suite offsets
 References:
  https://lore.kernel.org/r/20221123153543.8568-2-philipturnbull@github.com
 Notes:
+ bwh> The RSN parsing code was significantly refactored after 4.19 by
+ bwh> commit 4e0b0f42c9c7 "staging: wilc1000: use struct to pack join
+ bwh> parameters for FW, but I suspect it already had this bug.
+ bwh> The vulnerable function would be in
+ bwh> drivers/staging/wilc1000/host_interface.c
 Bugs:
 upstream: released (6.1-rc8) [cd21d99e595ec1d8721e1058dcdd4f1f7de1d793]
 5.10-upstream-stable: released (5.10.157) [7c6535fb4d67ea37c98a1d1d24ca33dd5ec42693]
-4.19-upstream-stable:
+4.19-upstream-stable: needed
 sid: released (6.0.12-1)
 5.10-bullseye-security: released (5.10.158-1)
-4.19-buster-security:
+4.19-buster-security: needed
author	Ben Hutchings <ben@decadent.org.uk>	2022-12-20 15:56:28 +0100
committer	Ben Hutchings <ben@decadent.org.uk>	2022-12-20 15:56:28 +0100
commit	f7ba59209c2ad16e6ca69838e20e116f02f04599 (patch)
tree	1690cb7c80810f9d7b8bd982f29a10ffa4e86684 /active/CVE-2022-47520
parent	e4404030cdfabb2359e9930df5d762c36d11bb84 (diff)