jsauer/torvalds-linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-01-17 20:10:49 +00:00
Code
torvalds-linux/net/wireless
History
Veerendranath Jakkam 023c1f2f06 wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation 
Currently during the multi-link element defragmentation process, the
multi-link element length added to the total IEs length when calculating
the length of remaining IEs after the multi-link element in
cfg80211_defrag_mle(). This could lead to out-of-bounds access if the
multi-link element or its corresponding fragment elements are the last
elements in the IEs buffer.

To address this issue, correctly calculate the remaining IEs length by
deducting the multi-link element end offset from total IEs end offset.

Cc: stable@vger.kernel.org
Fixes: 2481b5da9c6b ("wifi: cfg80211: handle BSS data contained in ML probe responses")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Link: https://patch.msgid.link/20250424-fix_mle_defragmentation_oob_access-v1-1-84412a1743fa@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2025-05-06 21:04:40 +02:00
..
certs
wifi: cfg80211: fix certs build to not depend on file order
2023-12-14 09:11:51 +01:00
tests
wireless-next patches for v6.14
2024-12-19 18:54:07 -08:00
.gitignore
ap.c
wifi: cfg80211: remove wdev mutex
2023-09-11 11:27:23 +02:00
chan.c
wifi: cfg80211: expose cfg80211_chandef_get_width()
2025-03-12 09:50:24 +01:00
core.c
treewide: Switch/rename to timer_delete[_sync]()
2025-04-05 10:30:12 +02:00
core.h
wifi: cfg80211: move link reconfig parameters into a struct
2025-03-11 10:51:58 +01:00
debugfs.c
wifi: cfg80211: add locked debugfs wrappers
2023-11-27 11:24:58 +01:00
debugfs.h
ethtool.c
ibss.c
wifi: cfg80211: move DFS related members to links[] in wireless_dev
2024-09-06 13:01:05 +02:00
Kconfig
wifi: cfg80211: stop exporting wext symbols
2024-10-08 21:53:31 +02:00
Makefile
wifi: wext/libipw: move spy implementation to libipw
2024-10-08 21:53:18 +02:00
mesh.c
wifi: cfg80211: move DFS related members to links[] in wireless_dev
2024-09-06 13:01:05 +02:00
mlme.c
wifi: cfg80211: Update the link address when a link is added
2025-03-11 10:53:10 +01:00
nl80211.c
wifi: nl80211: re-enable multi-link reconfiguration
2025-03-18 14:52:11 +01:00
nl80211.h
wifi: cfg80211: Add support for dynamic addition/removal of links
2025-01-13 15:34:08 +01:00
ocb.c
wifi: cfg80211: remove wdev mutex
2023-09-11 11:27:23 +02:00
of.c
pmsr.c
wifi: cfg80211: define and use wiphy guard
2024-12-04 16:10:52 +01:00
radiotap.c
Merge net-next/main to resolve conflicts
2024-10-09 08:59:22 +02:00
rdev-ops.h
wifi: cfg80211: move link reconfig parameters into a struct
2025-03-11 10:51:58 +01:00
reg.c
Merge net-next/main to resolve conflicts
2025-03-18 09:46:36 +01:00
reg.h
wifi: cfg80211: add return docs for regulatory functions
2024-04-19 10:29:08 +02:00
scan.c
wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation
2025-05-06 21:04:40 +02:00
sme.c
wireless-next patches for v6.14
2024-12-19 18:54:07 -08:00
sysfs.c
wifi: cfg80211: fully move wiphy work to unbound workqueue
2024-05-29 15:23:33 +02:00
sysfs.h
trace.c
trace.h
wifi: cfg80211: allow setting extended MLD capa/ops
2025-03-11 10:51:59 +01:00
util.c
wifi: cfg80211: expose cfg80211_chandef_get_width()
2025-03-12 09:50:24 +01:00
wext-compat.c
wifi: cfg80211: send MLO links tx power info in GET_INTERFACE
2024-12-04 16:14:46 +01:00
wext-compat.h
Revert "wifi: cfg80211: unexport wireless_nlevent_flush()"
2024-10-09 08:53:01 +02:00
wext-core.c
net: remove get_task_comm() and print task comm directly
2025-01-12 20:21:16 -08:00
wext-priv.c
wext-proc.c
wext-sme.c
wifi: cfg80211: define and use wiphy guard
2024-12-04 16:10:52 +01:00