[SRU][J/F/K][PATCH] CVE-2022-47520
Yuxuan Luo
yuxuan.luo at canonical.com
Thu Jan 12 23:26:00 UTC 2023
[Impact]
There exists an unchecked index in the wilc1000 driver that could trigger an
out-of-bound read vulnerability, damaging system's integrity and
confidentiality for microchip wilc1000 users.
[Backport]
Although Xenial and Bionic are affected by this vulnerability as well, it was
believed that backporting to these two kernels is not necessary or of low
priority: Xenial does not build wilc1000 driver, and Bionic users can use a
newer and safer version of this driver from OEM or Focal.
It is a clean cherry pick for Focal and Kinetic. For Jammy, there lies a commit
that refactored all C++ style comment to C style comment, causing conflict when
backporting this patch. Since the conflict is trivial, I chose to ignore the
conflict.
[Test]
Due to lack of hardware, all the patches were only compile tested.
[Potential Regression]
The scope of regression is limited to wilc1000/hif.c (or wilc1000/wilc_hif.c
before the refactoring), affected users are wilc1000 users.
Phil Turnbull (1):
wifi: wilc1000: validate pairwise and authentication suite offsets
drivers/net/wireless/microchip/wilc1000/hif.c | 21 ++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list