Описание
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
As a result of the execution of the inner while loop, the value of 'idx' can be equal to LINK_QUAL_MAX_RETRY_NUM. However, this is not checked after the loop and 'idx' is used to write the LINK_QUAL_MAX_RETRY_NUM size array 'lq_cmd->rs_table[idx]' below in the outer loop.
The fix is to check the new value of 'idx' inside the nested loop, and break both loops if index equals the size. Checking it at the start is now pointless, so let's remove it.
Detected using the static analysis tool - Svace.
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
As a result of the execution of the inner while loop, the value of 'idx' can be equal to LINK_QUAL_MAX_RETRY_NUM. However, this is not checked after the loop and 'idx' is used to write the LINK_QUAL_MAX_RETRY_NUM size array 'lq_cmd->rs_table[idx]' below in the outer loop.
The fix is to check the new value of 'idx' inside the nested loop, and break both loops if index equals the size. Checking it at the start is now pointless, so let's remove it.
Detected using the static analysis tool - Svace.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-50180
- https://git.kernel.org/stable/c/20be29b99dfed089fe7b8698cd18dfdda6049bd7
- https://git.kernel.org/stable/c/73304c7594080362107bea4c0c3b7da2fb134cc4
- https://git.kernel.org/stable/c/88b551561ded10017dd846c8aeb2296a5119a915
- https://git.kernel.org/stable/c/9f1acb3ce0e37e9c38a6060a0570d56d2963e797
- https://git.kernel.org/stable/c/a8eb8e6f7159c7c20c0ddac428bde3d110890aa7
- https://git.kernel.org/stable/c/b7c39b1a3d4b8d2ba8c13d5ae1303705b03b46d4
- https://git.kernel.org/stable/c/e7d6cac6967534e1298497e853964b3d3f994ce3
- https://git.kernel.org/stable/c/f59e7534e2b11d7c018a412c293897e8417addd4
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.