An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy. Reference and upstream commit: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.4 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a9b153c5591548612c3955c9600a98150c81875
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1832531]
This was fixed for Fedora with the 5.4.20 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2020:2832 https://access.redhat.com/errata/RHSA-2020:2832
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12654
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3010 https://access.redhat.com/errata/RHSA-2020:3010
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3016 https://access.redhat.com/errata/RHSA-2020:3016
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3041 https://access.redhat.com/errata/RHSA-2020:3041
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3220 https://access.redhat.com/errata/RHSA-2020:3220
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3221 https://access.redhat.com/errata/RHSA-2020:3221
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3222 https://access.redhat.com/errata/RHSA-2020:3222
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:3224 https://access.redhat.com/errata/RHSA-2020:3224
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:3226 https://access.redhat.com/errata/RHSA-2020:3226
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2020:3232 https://access.redhat.com/errata/RHSA-2020:3232
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2020:3389 https://access.redhat.com/errata/RHSA-2020:3389
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:3432 https://access.redhat.com/errata/RHSA-2020:3432
Mitigation: In order to mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel module mwifiex. For instructions relating to how to blacklist a kernel module, refer to: https://access.redhat.com/solutions/41278