oss-sec mailing list archives
CVE request: kernel: libertas: fix buffer overrun
From: "Eugene Teo" <eugeneteo () kernel sg>
Date: Tue, 11 Nov 2008 13:19:52 +0800
Hi, We need a CVE name for this issue. This was committed in upstream kernel recently. "If somebody sends an invalid beacon/probe response, that can trash the whole BSS descriptor. The descriptor is, luckily, large enough so that it cannot scribble past the end of it; it's well above 400 bytes long. Upstream commit: 48735d8d8bd701b1e0cd3d49c21e5e385ddcb077 https://bugzilla.redhat.com/show_bug.cgi?id=470761 http://article.gmane.org/gmane.linux.kernel.wireless.general/23049 Thanks, Eugene
Current thread:
- CVE request: kernel: libertas: fix buffer overrun Eugene Teo (Nov 10)
- Re: CVE request: kernel: libertas: fix buffer overrun Steven M. Christey (Nov 20)