forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
Linux kernel for uConsole
794,429 commits 5 branches 3 tags 4.3 GiB
  • C 97.1%
  • Assembly 1.8%
  • Shell 0.4%
  • Makefile 0.3%
  • Python 0.2%
Find a file
Ganapathi Bhat 0aa8632c57 mwifiex: fix possible heap overflow in mwifiex_process_country_ie() 
commit 3d94a4a837 upstream.

mwifiex_process_country_ie() function parse elements of bss
descriptor in beacon packet. When processing WLAN_EID_COUNTRY
element, there is no upper limit check for country_ie_len before
calling memcpy. The destination buffer domain_info->triplet is an
array of length MWIFIEX_MAX_TRIPLET_802_11D(83). The remote
attacker can build a fake AP with the same ssid as real AP, and
send malicous beacon packet with long WLAN_EID_COUNTRY elemen
(country_ie_len > 83). Attacker can  force STA connect to fake AP
on a different channel. When the victim STA connects to fake AP,
will trigger the heap buffer overflow. Fix this by checking for
length and if found invalid, don not connect to the AP.

This fix addresses CVE-2019-14895.

Reported-by: huangwen <huangwenabc@gmail.com>
Signed-off-by: Ganapathi Bhat <gbhat@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:07:06 +01:00
arch ARM: dts: imx6ul: use nvmem-cells for cpu speed grading 2020-01-12 12:17:24 +01:00
block block: fix memleak when __blk_rq_map_user_iov() is failed 2020-01-12 12:17:22 +01:00
certs export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR() 2018-08-22 23:21:44 +09:00
crypto crypto: user - fix memory leak in crypto_report 2019-12-13 08:52:48 +01:00
Documentation dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example 2020-01-09 10:19:06 +01:00
drivers mwifiex: fix possible heap overflow in mwifiex_process_country_ie() 2020-01-14 20:07:06 +01:00
firmware kbuild: remove all dummy assignments to obj- 2017-11-18 11:46:06 +09:00
fs chardev: Avoid potential use-after-free in 'chrdev_open()' 2020-01-14 20:06:57 +01:00
include can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs 2020-01-14 20:07:03 +01:00
init fork: fix some -Wmissing-prototypes warnings 2019-12-05 09:21:04 +01:00
ipc ipc/mqueue.c: only perform resource calculation if user valid 2019-08-06 19:06:52 +02:00
kernel tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined 2020-01-14 20:06:59 +01:00
lib idr: Fix idr_get_next_ul race with idr_remove 2019-12-17 20:36:02 +01:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm arm64: Revert support for execute-only user mappings 2020-01-09 10:19:03 +01:00
net net: sch_prio: When ungrafting, replace with FIFO 2020-01-12 12:17:29 +01:00
samples samples: bpf: fix syscall_tp due to unused syscall 2020-01-12 12:17:13 +01:00
scripts kconfig: don't crash on NULL expressions in expr_eq() 2020-01-12 12:17:19 +01:00
security apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock 2020-01-09 10:19:02 +01:00
sound ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen 2020-01-14 20:06:59 +01:00
tools selftests/ftrace: Fix multiple kprobe testcase 2020-01-12 12:17:10 +01:00
usr kbuild: clean compressed initramfs image 2019-10-07 18:57:16 +02:00
virt KVM: arm/arm64: vgic: Don't rely on the wrong pending table 2019-12-13 08:52:45 +01:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS USB: rio500: Remove Rio 500 kernel driver 2019-10-17 13:44:47 -07:00
Makefile Linux 4.19.95 2020-01-12 12:17:30 +01:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.