Google Git
Sign in
kernel / pub / scm / linux / security / vulns / refs/heads/sasha-cve / . / cve / published / 2024 / CVE-2024-56539.json
blob: 009bdfb804da610c75767adb0985f17b920ef5d6 [file] [log] [blame]
{
"containers": {
"cna": {
"providerMetadata": {
"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
},
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv->ssid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in->ssid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv->ssid,\n user_scan_in->ssid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn't account for the size of the one-element\narray, so it doesn't need to be changed."
}
],
"affected": [
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/net/wireless/marvell/mwifiex/fw.h"
],
"versions": [
{
"version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
"lessThan": "a09760c513ae0f98c7082a1deace7fb6284ee866",
"status": "affected",
"versionType": "git"
},
{
"version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
"lessThan": "1de0ca1d7320a645ba2ee5954f64be08935b002a",
"status": "affected",
"versionType": "git"
},
{
"version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
"lessThan": "5fa329c44e1e635da2541eab28b6cdb8464fc8d1",
"status": "affected",
"versionType": "git"
},
{
"version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
"lessThan": "581261b2d6fdb4237b24fa13f5a5f87bf2861f2c",
"status": "affected",
"versionType": "git"
},
{
"version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
"lessThan": "b466746cfb6be43f9a1457bbee52ade397fb23ea",
"status": "affected",
"versionType": "git"
},
{
"version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
"lessThan": "c4698ef8c42e02782604bf4f8a489dbf6b0c1365",
"status": "affected",
"versionType": "git"
},
{
"version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
"lessThan": "e2de22e4b6213371d9e76f74a10ce817572a8d74",
"status": "affected",
"versionType": "git"
},
{
"version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
"lessThan": "d7774910c5583e61c5fe2571280366624ef48036",
"status": "affected",
"versionType": "git"
},
{
"version": "5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e",
"lessThan": "d241a139c2e9f8a479f25c75ebd5391e6a448500",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/net/wireless/marvell/mwifiex/fw.h"
],
"versions": [
{
"version": "3.0",
"status": "affected"
},
{
"version": "0",
"lessThan": "3.0",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "4.19.325",
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.4.287",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.10.231",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "5.15.174",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.1.120",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.6.64",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.11.11",
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.12.2",
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"versionType": "semver"
},
{
"version": "6.13",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "4.19.325"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "5.4.287"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "5.10.231"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "5.15.174"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "6.1.120"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "6.6.64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "6.11.11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "6.12.2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndExcluding": "6.13"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/a09760c513ae0f98c7082a1deace7fb6284ee866"
},
{
"url": "https://git.kernel.org/stable/c/1de0ca1d7320a645ba2ee5954f64be08935b002a"
},
{
"url": "https://git.kernel.org/stable/c/5fa329c44e1e635da2541eab28b6cdb8464fc8d1"
},
{
"url": "https://git.kernel.org/stable/c/581261b2d6fdb4237b24fa13f5a5f87bf2861f2c"
},
{
"url": "https://git.kernel.org/stable/c/b466746cfb6be43f9a1457bbee52ade397fb23ea"
},
{
"url": "https://git.kernel.org/stable/c/c4698ef8c42e02782604bf4f8a489dbf6b0c1365"
},
{
"url": "https://git.kernel.org/stable/c/e2de22e4b6213371d9e76f74a10ce817572a8d74"
},
{
"url": "https://git.kernel.org/stable/c/d7774910c5583e61c5fe2571280366624ef48036"
},
{
"url": "https://git.kernel.org/stable/c/d241a139c2e9f8a479f25c75ebd5391e6a448500"
}
],
"title": "wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
"cveID": "CVE-2024-56539",
"requesterUserId": "gregkh@kernel.org",
"serial": "1",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}