huangwenabc@xxxxxxxxx wrote: > From: Wen Huang <huangwenabc@xxxxxxxxx> > > add_ie_rates() copys rates without checking the length > in bss descriptor from remote AP.when victim connects to > remote attacker, this may trigger buffer overflow. > lbs_ibss_join_existing() copys rates without checking the length > in bss descriptor from remote IBSS node.when victim connects to > remote attacker, this may trigger buffer overflow. > Fix them by putting the length check before performing copy. > > This fix addresses CVE-2019-14896 and CVE-2019-14897. > > Signed-off-by: Wen Huang <huangwenabc@xxxxxxxxx> Please fix the warning reported by kbuild bot. Patch set to Changes Requested. -- https://patchwork.kernel.org/patch/11257187/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
