Re: Linux kernel: heap overflow in the marvell wifi driver

[Solar Designer <solar () openwall com>]

On Fri, Nov 22, 2019 at 08:51:31PM +0800, qize wang wrote:
> some flaws were found in the Linux kernel's Marvell wifi chip driver. 
> multi heap overflow in mwifiex_process_tdls_action_frame function in 
> marvell/mwifiex/tdls.c which allows remote attackers to cause a denial 
> of service(system crash) or execute arbitrary code.
>
> the station receive a tdls setup request or respone frame which IE 's 
> length is larger than the heap buffer assigned (for example : the 
> EID_SUPP_RATES IE's length > 255) will cause heap overflow??

Red Hat has assigned CVE-2019-14901 to this issue.

Alexander