mt76: fix array overflow on receiving too many fragments for a packet - wireguard-linux

diff options

author	Felix Fietkau <nbd@nbd.name>	2020-02-20 12:41:39 +0100
committer	Kalle Valo <kvalo@codeaurora.org>	2020-03-03 17:30:25 +0200
commit	b102f0c522cf668c8382c56a4f771b37d011cda2 (patch)
tree	7241c52d1e25587c46fe14df15ee207c0c11eeaf /net/unix/af_unix.c
parent	iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (diff)
download	wireguard-linux-b102f0c522cf668c8382c56a4f771b37d011cda2.tar.xz wireguard-linux-b102f0c522cf668c8382c56a4f771b37d011cda2.zip

mt76: fix array overflow on receiving too many fragments for a packet

If the hardware receives an oversized packet with too many rx fragments, skb_shinfo(skb)->frags can overflow and corrupt memory of adjacent pages. This becomes especially visible if it corrupts the freelist pointer of a slab page. Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Diffstat (limited to 'net/unix/af_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: