Acked: [PATCH v2] CVE-2011-2517
Seth Forshee
seth.forshee at canonical.com
Tue Oct 11 22:19:57 UTC 2011
On Tue, Oct 11, 2011 at 06:01:19PM +0200, Paolo Pisati wrote:
> CVE-2011-2517:
> Buffer overflow flaws in the Linux kernel's netlink-based wireless
> configuration interface implementation could allow a local user,
> who has the CAP_NET_ADMIN capability, to cause a denial of service
> or escalate their privileges on systems that have an active wireless
> interface.
>
> The cve advisory mentions two commits (208c72f4fe44fe09577e7975ba0e7fa0278f3d03
> and 57a27e1d6a3bb9ad4efeebd3a8c71156d6207536) but the second one supersedes the
> first one, so i picked and adapted that.
>
> Following this email are 3 patches for lucid/master, lucid/fsl-imx51 and
> another one for maverick/[master|ti-omap4], natty/[master|ti-omap4].
> Lucid/[ec2|mvl-dove] and maverick/mvl-dove will get it after the next rebase.
>
> Paolo Pisati (1):
> nl80211: fix overflow in ssid_len - CVE-2011-2517
>
> net/wireless/nl80211.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> --
> 1.7.5.4
The backports look correct. One note however; the patches are missing
the From line required to maintain authorship information.
Acked-by: Seth Forshee <seth.forshee at canonical.com>
More information about the kernel-team
mailing list