A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiex_process_tdls_action_frame function in marvell/mwifiex/tdls.c allows remote attackers to cause a denial of service(system crash) or execute arbitrary code. the station receive a tdls setup request or respone frame which the EID_SUPP_RATES IE 's length is larger than 32 will cause Heap Overflow.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1776184]
Name: Huangwen and Wang Qize (ADLab of VenusTech)