[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Linux kernel: heap overflow in the marvell wifi driver
From:       Solar Designer <solar () openwall ! com>
Date:       2019-11-25 14:16:15
Message-ID: 20191125141615.GA10910 () openwall ! com
[Download RAW message or body]

On Fri, Nov 22, 2019 at 08:51:31PM +0800, qize wang wrote:
> some flaws were found in the Linux kernel's Marvell wifi chip driver. 
> multi heap overflow in mwifiex_process_tdls_action_frame function in 
> marvell/mwifiex/tdls.c which allows remote attackers to cause a denial 
> of service(system crash) or execute arbitrary code.
> 
> the station receive a tdls setup request or respone frame which IE 's 
> length is larger than the heap buffer assigned (for example : the 
> EID_SUPP_RATES IE's length > 255) will cause heap overflow??

Red Hat has assigned CVE-2019-14901 to this issue.

Alexander
[prev in list] [next in list] [prev in thread] [next in thread]