(Note: this is version 1; there's a later version posted, which does
not have a v2 tag...)
https://lore.kernel.org/linux-wireless/20201208150951.35866-1-ruc_zhangxiao...@163.com/
On Sat, Jan 9, 2021 at 7:11 AM Peter Seiderer wrote:
> On Tue, 8 Dec 2020 20:45:23 +0800, Xiaohui Zhang
> wrote:
Hello Zhang,
On Tue, 8 Dec 2020 20:45:23 +0800, Xiaohui Zhang
wrote:
> From: Zhang Xiaohui
>
> mwifiex_config_scan() calls memcpy() without checking
> the destination size may trigger a buffer overflower,
> which a local user could use to cause denial of service
> or the execution of
Brian Norris writes:
> On Tue, Dec 8, 2020 at 7:14 AM Xiaohui Zhang wrote:
>>
>> From: Zhang Xiaohui
>>
>> mwifiex_config_scan() calls memcpy() without checking
>> the destination size may trigger a buffer overflower,
>> which a local user could use to cause denial of service
>> or the
Hi Xiaohui,
On Wed, Dec 9, 2020 at 12:07 AM Xiaohui Zhang wrote:
>
> From: Zhang Xiaohui
>
> mwifiex_config_scan() calls memcpy() without checking
> the destination size may trigger a buffer overflower,
> which a local user could use to cause denial of service
> or the execution of arbitrary
On Tue, Dec 8, 2020 at 7:14 AM Xiaohui Zhang wrote:
>
> From: Zhang Xiaohui
>
> mwifiex_config_scan() calls memcpy() without checking
> the destination size may trigger a buffer overflower,
> which a local user could use to cause denial of service
> or the execution of arbitrary code.
> Fix it
From: Zhang Xiaohui
mwifiex_config_scan() calls memcpy() without checking
the destination size may trigger a buffer overflower,
which a local user could use to cause denial of service
or the execution of arbitrary code.
Fix it by putting the length check before calling memcpy().
Signed-off-by:
Xiaohui Zhang writes:
> From: Zhang Xiaohui
>
> mwifiex_config_scan() calls memcpy() without checking
> the destination size may trigger a buffer overflower,
> which a local user could use to cause denial of service
> or the execution of arbitrary code.
> Fix it by putting the length check
From: Zhang Xiaohui
mwifiex_config_scan() calls memcpy() without checking
the destination size may trigger a buffer overflower,
which a local user could use to cause denial of service
or the execution of arbitrary code.
Fix it by putting the length check before calling memcpy().
Signed-off-by:
8 matches
Mail list logo