[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Linux kernel: heap overflow in the marvell wifi driver
From: Solar Designer <solar () openwall ! com>
Date: 2019-11-25 14:16:15
Message-ID: 20191125141615.GA10910 () openwall ! com
[Download RAW message or body]
On Fri, Nov 22, 2019 at 08:51:31PM +0800, qize wang wrote:
> some flaws were found in the Linux kernel's Marvell wifi chip driver.
> multi heap overflow in mwifiex_process_tdls_action_frame function in
> marvell/mwifiex/tdls.c which allows remote attackers to cause a denial
> of service(system crash) or execute arbitrary code.
>
> the station receive a tdls setup request or respone frame which IE 's
> length is larger than the heap buffer assigned (for example : the
> EID_SUPP_RATES IE's length > 255) will cause heap overflow??
Red Hat has assigned CVE-2019-14901 to this issue.
Alexander
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic