oss-sec mailing list archives
Re: Linux kernel: heap overflow in the marvell wifi driver
From: Solar Designer <solar () openwall com>
Date: Mon, 25 Nov 2019 15:16:15 +0100
On Fri, Nov 22, 2019 at 08:51:31PM +0800, qize wang wrote:
some flaws were found in the Linux kernel's Marvell wifi chip driver. multi heap overflow in mwifiex_process_tdls_action_frame function in marvell/mwifiex/tdls.c which allows remote attackers to cause a denial of service(system crash) or execute arbitrary code. the station receive a tdls setup request or respone frame which IE 's length is larger than the heap buffer assigned (for example : the EID_SUPP_RATES IE's length > 255) will cause heap overflow??
Red Hat has assigned CVE-2019-14901 to this issue. Alexander
Current thread:
- Linux kernel: heap overflow in the marvell wifi driver qize wang (Nov 22)
- Re: Linux kernel: heap overflow in the marvell wifi driver Solar Designer (Nov 25)