diff options
author | Stefan Ghinea <stefan.ghinea@windriver.com> | 2021-02-23 21:20:28 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-03-10 00:24:26 +0000 |
commit | edb299e2ba5c9d8d0e3f26cd89e9d7a0c3e6bfe6 (patch) | |
tree | 75fdda5b98aaa45f7fabcb5d4ab66484e44e70fd /meta/lib | |
parent | 8b9b189c2e673e3714d2f3defd1f9169f2fafaf4 (diff) | |
download | poky-edb299e2ba5c9d8d0e3f26cd89e9d7a0c3e6bfe6.tar.gz |
wpa-supplicant: fix CVE-2021-0326
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write
due to a missing bounds check. This could lead to remote code execution
if the target device is performing a Wi-Fi Direct search, with no
additional execution privileges needed. User interaction is not needed
for exploitation.Product: AndroidVersions: Android-10 Android-11
Android-8.1 Android-9 Android ID: A-172937525
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-0326
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e<links_for_CVE_patches>
(From OE-Core rev: 869d88ef4de52e0f9928de1dadf60dbbb0486ea5)
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b7940edabe100512e8f558cc37f9da836feae74d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
0 files changed, 0 insertions, 0 deletions