A vulnerability was found in marvell wifi chip driver in Linux kernel. There is a stack-based buffer overflow in add_ie_rates function in drivers/net/wireless/marvell/libertas/cfg.c allows remote attackers to cause a denial of service(system crash) or possibly execute arbitrary code. When some STAs work in IBSS mode, they can connect to each other without AP. lbs_ibss_join_existing will be called when STA joins IBSS network.
Proposed upstream patch:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1776146]
Name: ADLab of Venustech