Pkshih <pkshih@xxxxxxxxxxx> writes: > On Fri, 2019-10-18 at 07:43 -0400, Laura Abbott wrote: >> Nicolas Waisman noticed that even though noa_len is checked for >> a compatible length it's still possible to overrun the buffers >> of p2pinfo since there's no check on the upper bound of noa_num. >> Bound noa_num against P2P_MAX_NOA_NUM. >> >> Reported-by: Nicolas Waisman <nico@xxxxxxxxxx> >> Signed-off-by: Laura Abbott <labbott@xxxxxxxxxx> > > Acked-by: Ping-Ke Shih <pkshih@xxxxxxxxxxx> > and Please CC to stable > Cc: Stable <stable@xxxxxxxxxxxxxxx> # 4.4+ > > --- > > Hi Kalle, > > This bug was existing since v3.10, and directory of wireless drivers were > moved at v4.4. Do I need send another patch to fix this issue for longterm > kernel v3.16.75? Yeah, I think you need to send a separate patch to the stable list (after this commit is in Linus' tree). -- https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches