Bug 1832530 (CVE-2020-12654) - CVE-2020-12654 kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c
Keywords:
Status: NEW
Alias: CVE-2020-12654
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1807052 1844063 1844065 1844066 1844067 1844068 1844069 1844070 1844071 1844072 1844073 1844075 1844076 1844077 1844078 1844079 1844080 1844082 1844083 1832531 1844074 1844081
Blocks: 1832532
Reported: 2020-05-06 19:19 UTC by Guilherme de Almeida Suckevicz
Modified: 2020-06-04 17:11 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. The highest threat from this vulnerability is to data integrity and system availability.
Clone Of:
Environment:
Last Closed:


Description Guilherme de Almeida Suckevicz 2020-05-06 19:19:17 UTC
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy.

Reference and upstream commit:
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a9b153c5591548612c3955c9600a98150c81875

Comment 1 Guilherme de Almeida Suckevicz 2020-05-06 19:19:57 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1832531]

Comment 2 Justin M. Forbes 2020-05-06 21:18:59 UTC
This was fixed for Fedora with the 5.4.20 stable kernel updates.

Comment 3 Petr Matousek 2020-06-04 14:54:19 UTC
Mitigation:

In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module mwifiex. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278
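
The following is an added example, not part of the bug report or of the linked Red Hat instructions: a shell audit of whether the module-blacklist mitigation described above is actually in effect on a host. It assumes the standard modprobe.d `blacklist` and `install` directives and the bus front-end module names `mwifiex_pcie`, `mwifiex_sdio` and `mwifiex_usb`; the function names and status strings are made up for the example.

```shell
#!/bin/sh
# Added example: audit the mwifiex module-blacklist mitigation.
# Function names and status strings are illustrative, not from the bug report.

# Succeeds if mwifiex or a bus front-end (mwifiex_pcie, mwifiex_sdio,
# mwifiex_usb) is listed. $1 is a file in /proc/modules format (name first).
mwifiex_loaded() {
    awk '$1 == "mwifiex" || $1 ~ /^mwifiex_/ { found = 1 }
         END { exit !found }' "$1" 2>/dev/null
}

# Succeeds if the *.conf files in directory $1 both blacklist mwifiex and
# override its install command. "blacklist" only stops alias-based autoloading;
# the module can still be pulled in as a dependency of a front-end driver
# unless "install mwifiex /bin/false" (or /bin/true) is also present.
mwifiex_blocked() {
    cat "$1"/*.conf 2>/dev/null | awk '
        $1 == "blacklist" && $2 == "mwifiex" { bl = 1 }
        $1 == "install" && $2 == "mwifiex" && $3 ~ /^\/bin\/(false|true)$/ { inst = 1 }
        END { exit !(bl && inst) }'
}

# Prints one status word for the pair (module list file, modprobe.d directory).
mwifiex_status() {
    if mwifiex_loaded "$1"; then
        if mwifiex_blocked "$2"; then
            echo "configured-but-still-loaded"   # unload or reboot needed
        else
            echo "exposed"
        fi
    elif mwifiex_blocked "$2"; then
        echo "mitigated"
    else
        echo "not-loaded-can-autoload"
    fi
}

# Only /etc/modprobe.d is checked by default; pass another directory as $2.
mwifiex_status "${1:-/proc/modules}" "${2:-/etc/modprobe.d}"
```

A result of `configured-but-still-loaded` means the configuration is in place but the driver is still resident in the running kernel, so the affected code remains reachable until the module is unloaded or the host is rebooted.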

