wpa-supplicant: fix CVE-2021-0326 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Stefan Ghinea <stefan.ghinea@windriver.com>	2021-02-23 21:20:28 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-02-26 15:21:20 +0000
commit	eceb7357a64c6fb31fceeb68af59a4acb3c51a25 (patch)
tree	49e940bb5ba6750680f3c31eadb245c5baa2be42 /meta/lib
parent	730ea923ac3f2265418e92eb0de424931bed1ba4 (diff)
download	poky-eceb7357a64c6fb31fceeb68af59a4acb3c51a25.tar.gz

wpa-supplicant: fix CVE-2021-0326

In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9 Android ID: A-172937525 References: https://nvd.nist.gov/vuln/detail/CVE-2021-0326 Upstream patches: https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e<links_for_CVE_patches> (From OE-Core rev: b7940edabe100512e8f558cc37f9da836feae74d) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: