[PATCH 1/1] mwifiex: Fix possible buffer overflows in mwifiex_uap_bss_param_prepare

2020-12-08 Thread Xiaohui Zhang
From: Zhang Xiaohui mwifiex_uap_bss_param_prepare() calls memcpy() without checking the destination size, which may trigger a buffer overflow that a local user could use to cause denial of service or the execution of arbitrary code. Fix it by putting the length check before calling memcpy(). Signed

[PATCH 1/1] mwifiex: Fix possible buffer overflows in mwifiex_config_scan

2020-12-08 Thread Xiaohui Zhang
From: Zhang Xiaohui mwifiex_config_scan() calls memcpy() without checking the destination size, which may trigger a buffer overflow that a local user could use to cause denial of service or the execution of arbitrary code. Fix it by putting the length check before calling memcpy(). Signed-off-by: Z

[PATCH 1/1] mwifiex: Fix possible buffer overflows in mwifiex_config_scan

2020-12-08 Thread Xiaohui Zhang
From: Zhang Xiaohui mwifiex_config_scan() calls memcpy() without checking the destination size, which may trigger a buffer overflow that a local user could use to cause denial of service or the execution of arbitrary code. Fix it by putting the length check before calling memcpy(). Signed-off-by: Z

[PATCH 1/1] mwifiex: Fix possible buffer overflows in mwifiex_uap_bss_param_prepare

2020-12-08 Thread Xiaohui Zhang
From: Zhang Xiaohui mwifiex_uap_bss_param_prepare() calls memcpy() without checking the destination size, which may trigger a buffer overflow that a local user could use to cause denial of service or the execution of arbitrary code. Fix it by putting the length check before calling memcpy(). Signed

[PATCH 1/1] ice: fix array overflow on receiving too many fragments for a packet

2020-12-06 Thread Xiaohui Zhang
From: Zhang Xiaohui If the hardware receives an oversized packet with too many rx fragments, skb_shinfo(skb)->frags can overflow and corrupt memory of adjacent pages. This becomes especially visible if it corrupts the freelist pointer of a slab page. Signed-off-by: Zhang Xiaohui --- drivers/ne

[PATCH 1/1] ionic: fix array overflow on receiving too many fragments for a packet

2020-12-06 Thread Xiaohui Zhang
From: Zhang Xiaohui If the hardware receives an oversized packet with too many rx fragments, skb_shinfo(skb)->frags can overflow and corrupt memory of adjacent pages. This becomes especially visible if it corrupts the freelist pointer of a slab page. Signed-off-by: Zhang Xiaohui --- drivers/ne

[PATCH 1/1] mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start

2020-12-06 Thread Xiaohui Zhang
From: Zhang Xiaohui mwifiex_cmd_802_11_ad_hoc_start() calls memcpy() without checking the destination size, which may trigger a buffer overflow that a local user could use to cause denial of service or the execution of arbitrary code. Fix it by putting the length check before calling memcpy(). Sign