References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: don't trust firmware n_channels

If the firmware sends us a corrupted MCC response with
n_channels much larger than the command response can be,
we might copy far too much (uninitialized) memory and
even crash if the n_channels is large enough to make it
run out of the one page allocated for the FW response.

Fix that by checking the lengths. Doing a < comparison
would be sufficient, but the firmware should be doing
it correctly, so check more strictly.

https://git.kernel.org/stable/c/05ad5a4d421ce65652fcb24d46b7e273130240d6

https://git.kernel.org/stable/c/557ba100d8cf3661ff8d71c0b4a2cba8db555ec2

https://git.kernel.org/stable/c/682b6dc29d98e857e6ca4bbc077c7dc2899b7473

https://git.kernel.org/stable/c/c176f03350954b795322de0bfe1d7b514db41f45

https://git.kernel.org/stable/c/d0d39bed9e95f27a246be91c5929254ac043ed30

https://git.kernel.org/stable/c/e519a404a5bbba37693cb10fa61794a5fce4fd9b