blob: 6b8d75a39b12d710aa2846b15967712f74a480a4 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: Stack overflow in lbs_ibss_join_existing() function of libertas Wifi Driver
References:
https://www.openwall.com/lists/oss-security/2019/11/22/1
https://patchwork.kernel.org/patch/11257187/
https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git/commit/?id=e5e884b42639c74b5b57dc277909915c0aefc8bb
Notes:
bwh> Introduced in 2.6.36 by commit e86dc1ca4676 "Libertas: cfg80211 support".
bwh> Upstream fix has unbalanced locking so will need a follow-up fix.
carnil> Fixed as well in 5.4.16.
Bugs:
upstream: released (5.5) [e5e884b42639c74b5b57dc277909915c0aefc8bb]
4.19-upstream-stable: released (4.19.100) cbd56515be5a8ea97134ef762b7a2923b94cb9c4]
4.9-upstream-stable: released (4.9.212) [e5e884b42639c74b5b57dc277909915c0aefc8bb]
3.16-upstream-stable: needed
sid: pending (5.4.18-1)
4.19-buster-security: released (4.19.98-1) [bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch]
4.9-stretch-security: released (4.9.210-1) [bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch]
3.16-jessie-security: released (3.16.81-1) [bugfix/all/libertas-fix-two-buffer-overflows-at-parsing-bss-descriptor.patch]
|