A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in mwifiex_process_tdls_action_frame function in marvell/mwifiex/tdls.c allows remote attackers to cause a denial of service(system crash) or execute arbitrary code. the station receive a tdls setup request or respone frame which the EID_SUPP_RATES IE 's length is larger than 32 will cause Heap Overflow.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1776184]
Name: Huangwen and Wang Qize (ADLab of VenusTech)
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):