ACK: [SRU][J/F/K][PATCH] CVE-2022-47520

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Fri Jan 13 10:31:13 UTC 2023


On Thu, Jan 12, 2023 at 06:26:00PM -0500, Yuxuan Luo wrote:
> [Impact]
> There exists an unchecked index in the wilc1000 driver that could trigger an
> out-of-bound read vulnerability, damaging the system's integrity and
> confidentiality for Microchip wilc1000 users.
> 
> [Backport]
> Although Xenial and Bionic are affected by this vulnerability as well, it was
> believed that backporting to these two kernels is not necessary or of low
> priority: Xenial does not build the wilc1000 driver, and Bionic users can use a
> newer and safer version of this driver from OEM or Focal.
> 
> It is a clean cherry pick for Focal and Kinetic. For Jammy, there lies a commit

I think you reversed Focal and Jammy here. Just to clear any confusion.

Great work!

Acked-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>

> that refactored all C++ style comments to C style comments, causing a conflict
> when backporting this patch. Since the conflict is trivial, I chose to ignore
> the conflict.
> 
> [Test]
> Due to lack of hardware, all the patches were only compile tested.
> 
> [Potential Regression]
> The scope of regression is limited to wilc1000/hif.c (or wilc1000/wilc_hif.c
> before the refactoring); affected users are wilc1000 users.
> 
> Phil Turnbull (1):
>   wifi: wilc1000: validate pairwise and authentication suite offsets
> 
>  drivers/net/wireless/microchip/wilc1000/hif.c | 21 ++++++++++++++-----
>  1 file changed, 16 insertions(+), 5 deletions(-)
> 
> -- 
> 2.34.1