Pick the patch from [1], which is also referenced in [2].

[1] https://gitlab.com/wireshark/wireshark/-/issues/20972
[2] https://security-tracker.debian.org/tracker/CVE-2026-3201

More details : https://nvd.nist.gov/vuln/detail/CVE-2026-3201

Signed-off-by: Hitendra Prajapati <[email protected]>
---
 .../wireshark/files/CVE-2026-3201.patch       | 55 +++++++++++++++++++
 .../wireshark/wireshark_4.2.14.bb             |  1 +
 2 files changed, 56 insertions(+)
 create mode 100644 
meta-networking/recipes-support/wireshark/files/CVE-2026-3201.patch

diff --git 
a/meta-networking/recipes-support/wireshark/files/CVE-2026-3201.patch 
b/meta-networking/recipes-support/wireshark/files/CVE-2026-3201.patch
new file mode 100644
index 0000000000..178125fed9
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2026-3201.patch
@@ -0,0 +1,55 @@
+From 5e80615ebc95c3f57235ab2699b03e45d8071a1c Mon Sep 17 00:00:00 2001
+From: Michael Mann <[email protected]>
+Date: Mon, 26 Jan 2026 16:44:58 +0000
+Subject: [PATCH] USB-HID: Bugfix resource exhaustion in
+ parse_report_descriptor()
+
+Sanity range check was removed in 739666a7f5acc270204980e01b4069caf5060f30, 
restore it
+
+AI-Assisted: no
+Fixes #20972
+
+(cherry picked from commit 6f753c79b7c8ac382e6383dfabd7d5be6e2b722c)
+
+CVE: CVE-2026-3201
+Upstream-Status: Backport 
[https://gitlab.com/wireshark/wireshark/-/commit/5e80615ebc95c3f57235ab2699b03e45d8071a1c]
+Signed-off-by: Hitendra Prajapati <[email protected]>
+---
+ epan/dissectors/packet-usb-hid.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-usb-hid.c 
b/epan/dissectors/packet-usb-hid.c
+index 9a402ee..a27606a 100644
+--- a/epan/dissectors/packet-usb-hid.c
++++ b/epan/dissectors/packet-usb-hid.c
+@@ -3675,6 +3675,7 @@ hid_unpack_signed(guint8 *data, unsigned int idx, 
unsigned int size, gint32 *val
+     return FALSE;
+ }
+ 
++#define MAX_REPORT_DESCRIPTOR_COUNT 100000 // Arbitrary
+ static gboolean
+ parse_report_descriptor(report_descriptor_t *rdesc)
+ {
+@@ -3856,7 +3857,7 @@ parse_report_descriptor(report_descriptor_t *rdesc)
+                         }
+ 
+                         /* Usage min and max must be on the same page */
+-                        if (USAGE_PAGE(usage_min) != USAGE_PAGE(usage_max)) {
++                        if (USAGE_PAGE(usage_min) != USAGE_PAGE(usage_max))  {
+                             goto err;
+                         }
+ 
+@@ -3864,6 +3865,10 @@ parse_report_descriptor(report_descriptor_t *rdesc)
+                             goto err;
+                         }
+ 
++                        if (wmem_array_get_count(field.usages) + usage_max - 
usage_min >= MAX_REPORT_DESCRIPTOR_COUNT) {
++                            goto err;
++                        }
++
+                         /* min and max are inclusive */
+                         wmem_array_grow(field.usages, usage_max - usage_min + 
1);
+                         for (guint32 j = usage_min; j <= usage_max; j++) {
+-- 
+2.50.1
+
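Review bot: The new guard `wmem_array_get_count(field.usages) + usage_max - usage_min >= MAX_REPORT_DESCRIPTOR_COUNT` is evaluated in unsigned arithmetic, so it only holds if the earlier checks keep `usage_max - usage_min` small. The same-page test is visible above it and the `goto err` just before it is presumably the min/max ordering test, but neither the `USAGE_PAGE` macro nor the operand types are shown in this hunk. A comment on the guard would make that dependency explicit, e.g. `/* relies on the ordering and same-page checks above, so the sum cannot wrap */`. The macro comment `// Arbitrary` could also say what is capped, since the limit is applied to the number of entries in `field.usages` rather than to a count of report descriptors. As this is a backport, both are better raised upstream than changed locally; parse_report_descriptor's body starts and ends outside the hunk.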
diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb 
b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
index 81c300fcb5..dbf7017514 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
@@ -17,6 +17,7 @@ SRC_URI = 
"https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
            file://CVE-2025-13499.patch \
            file://CVE-2026-0959.patch \
            file://CVE-2026-0962.patch \
+           file://CVE-2026-3201.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions";
-- 
2.50.1
