Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 52de1e03 authored by Insun Song's avatar Insun Song Committed by Alexander Alexeev
Browse files

net: wireless: bcmdhd_oo: fix integer overflow in wl_get_assoc_ies 



integer overflow case found where signed integer variable converted to
unsigned one without proper bounds checking.
Then this would result in kernel memory corruption by OOB write.

Signed-off-by: default avatarInsun Song <insun.song@broadcom.com>
Bug: 70722061
Change-Id: Idb1aa16ae1bae9c3f601e6688cd263fa95a93bdf
CVE-2017-13292
Signed-off-by: default avatarKevin F. Haggerty <haggertk@lineageos.org>
parent cec273d2
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment