Arend Van Spriel <[email protected]> wrote: > Upon handling the firmware notification for scans the length was > checked properly and may result in corrupting kernel heap memory > due to buffer overruns. This fix addresses CVE-2017-0786. > > Cc: [email protected] # v4.0.x > Cc: Kevin Cernekee <[email protected]> > Reviewed-by: Hante Meuleman <[email protected]> > Reviewed-by: Pieter-Paul Giesberts <[email protected]> > Reviewed-by: Franky Lin <[email protected]> > Signed-off-by: Arend van Spriel <[email protected]>
2 patches applied to wireless-drivers.git, thanks. 17df6453d4be brcmfmac: add length check in brcmf_cfg80211_escan_handler() 35f62727df0e brcmfmac: setup passive scan if requested by user-space -- https://patchwork.kernel.org/patch/9948689/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
