author | Stefan Ghinea <stefan.ghinea@windriver.com> | 2021-02-23 21:20:28 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-02-26 15:21:20 +0000 |
commit | eceb7357a64c6fb31fceeb68af59a4acb3c51a25 (patch) | |
tree | 49e940bb5ba6750680f3c31eadb245c5baa2be42 /meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb | |
parent | 730ea923ac3f2265418e92eb0de424931bed1ba4 (diff) | |
download | poky-eceb7357a64c6fb31fceeb68af59a4acb3c51a25.tar.gz |
wpa-supplicant: fix CVE-2021-0326
In p2p_copy_client_info of p2p.c, there is a possible out of bounds write
due to a missing bounds check. This could lead to remote code execution
if the target device is performing a Wi-Fi Direct search, with no
additional execution privileges needed. User interaction is not needed
for exploitation. Product: Android. Versions: Android-10 Android-11
Android-8.1 Android-9. Android ID: A-172937525
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-0326
Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=947272febe24a8f0ea828b5b2f35f13c3821901e<links_for_CVE_patches>
(From OE-Core rev: b7940edabe100512e8f558cc37f9da836feae74d)
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb')
-rw-r--r-- | meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb | 1 |
1 files changed, 1 insertions, 0 deletions
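--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -29,6 +29,7 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
 file://0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \
 file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \
 file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
+file://CVE-2021-0326.patch \
 "
 SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
 SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"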
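Review bot: The new `file://CVE-2021-0326.patch \` entry in SRC_URI points at a patch file that this view does not show (the diffstat is limited to the recipe), so its header cannot be checked here. The patch should carry `CVE: CVE-2021-0326` and an `Upstream-Status: Backport [<upstream commit URL>]` line, so that the fix stays traceable to the hostap commit named in the description and CVE scanning reports it as patched. The file name also differs from the numbered, descriptive names of the three WPS UPnP patches listed above it; that is a style point only.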