[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [oss-security] Linux kernel: heap overflow in the marvell wifi driver
On Fri, Nov 22, 2019 at 08:51:31PM +0800, qize wang wrote:
> some flaws were found in the Linux kernel's Marvell wifi chip driver.
> multi heap overflow in mwifiex_process_tdls_action_frame function in
> marvell/mwifiex/tdls.c which allows remote attackers to cause a denial
> of service(system crash) or execute arbitrary code.
> the station receive a tdls setup request or respone frame which IE 's
> length is larger than the heap buffer assigned (for example : the
> EID_SUPP_RATES IE's length > 255) will cause heap overflow??
Red Hat has assigned CVE-2019-14901 to this issue.