nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity
kernel/net/wireless
History
Veerendranath Jakkam 023c1f2f06 wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation 
Currently during the multi-link element defragmentation process, the
multi-link element length added to the total IEs length when calculating
the length of remaining IEs after the multi-link element in
cfg80211_defrag_mle(). This could lead to out-of-bounds access if the
multi-link element or its corresponding fragment elements are the last
elements in the IEs buffer.

To address this issue, correctly calculate the remaining IEs length by
deducting the multi-link element end offset from total IEs end offset.

Cc: stable@vger.kernel.org
Fixes: 2481b5da9c ("wifi: cfg80211: handle BSS data contained in ML probe responses")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Link: https://patch.msgid.link/20250424-fix_mle_defragmentation_oob_access-v1-1-84412a1743fa@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2025-05-06 21:04:40 +02:00
..
certs wifi: cfg80211: fix certs build to not depend on file order 2023-12-14 09:11:51 +01:00
tests wireless-next patches for v6.14 2024-12-19 18:54:07 -08:00
.gitignore
ap.c wifi: cfg80211: remove wdev mutex 2023-09-11 11:27:23 +02:00
chan.c wifi: cfg80211: expose cfg80211_chandef_get_width() 2025-03-12 09:50:24 +01:00
core.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
core.h wifi: cfg80211: move link reconfig parameters into a struct 2025-03-11 10:51:58 +01:00
debugfs.c wifi: cfg80211: add locked debugfs wrappers 2023-11-27 11:24:58 +01:00
debugfs.h
ethtool.c wifi: cfg80211: use strscpy to replace strlcpy 2022-07-15 11:43:12 +02:00
ibss.c wifi: cfg80211: move DFS related members to links[] in wireless_dev 2024-09-06 13:01:05 +02:00
Kconfig wifi: cfg80211: stop exporting wext symbols 2024-10-08 21:53:31 +02:00
Makefile wifi: wext/libipw: move spy implementation to libipw 2024-10-08 21:53:18 +02:00
mesh.c wifi: cfg80211: move DFS related members to links[] in wireless_dev 2024-09-06 13:01:05 +02:00
mlme.c wifi: cfg80211: Update the link address when a link is added 2025-03-11 10:53:10 +01:00
nl80211.c wifi: nl80211: re-enable multi-link reconfiguration 2025-03-18 14:52:11 +01:00
nl80211.h wifi: cfg80211: Add support for dynamic addition/removal of links 2025-01-13 15:34:08 +01:00
ocb.c wifi: cfg80211: remove wdev mutex 2023-09-11 11:27:23 +02:00
of.c
pmsr.c wifi: cfg80211: define and use wiphy guard 2024-12-04 16:10:52 +01:00
radiotap.c Merge net-next/main to resolve conflicts 2024-10-09 08:59:22 +02:00
rdev-ops.h wifi: cfg80211: move link reconfig parameters into a struct 2025-03-11 10:51:58 +01:00
reg.c Merge net-next/main to resolve conflicts 2025-03-18 09:46:36 +01:00
reg.h wifi: cfg80211: add return docs for regulatory functions 2024-04-19 10:29:08 +02:00
scan.c wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation 2025-05-06 21:04:40 +02:00
sme.c wireless-next patches for v6.14 2024-12-19 18:54:07 -08:00
sysfs.c wifi: cfg80211: fully move wiphy work to unbound workqueue 2024-05-29 15:23:33 +02:00
sysfs.h
trace.c
trace.h wifi: cfg80211: allow setting extended MLD capa/ops 2025-03-11 10:51:59 +01:00
util.c wifi: cfg80211: expose cfg80211_chandef_get_width() 2025-03-12 09:50:24 +01:00
wext-compat.c wifi: cfg80211: send MLO links tx power info in GET_INTERFACE 2024-12-04 16:14:46 +01:00
wext-compat.h Revert "wifi: cfg80211: unexport wireless_nlevent_flush()" 2024-10-09 08:53:01 +02:00
wext-core.c net: remove get_task_comm() and print task comm directly 2025-01-12 20:21:16 -08:00
wext-priv.c
wext-proc.c
wext-sme.c wifi: cfg80211: define and use wiphy guard 2024-12-04 16:10:52 +01:00