+7
−2
Loading
Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more
The tx mtu in EATT can be controlled by remote device. With malicious mtu values, it is possible to trigger integer overflow and OOB write at multiple places (see the bug below). This fix enforces a max tx mtu in EATT. Bug: 271335899 Test: manual Ignore-AOSP-First: security Tag: #security Change-Id: Ia06c9a17f2daa5ce4c32cffa536777f47774cf31