In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()
If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32)
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
In some versions of cfg80211, the ssids poinet might be a valid one e
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
This comparison should be >= instead of > to prevent an out of bounds
read
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan()
The ssid->ssids[] and sreq->ssids[] arrays have MT7925_RNR_SCAN_MAX_BSS
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: Fix buffer overflow in debugfs
If the user tries to write more than 32 bytes then it results in memory
corruption.
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: fix potential array out of bounds access
Account for IWL_SEC_WEP_KEY_OFFSET when needed while verifying
key_le
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation
The variable valuesize is declared as u8 but accumulates the
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: fix buffer overflow in elem comparison
For vendor elements, the code here assumes that 5 octets
are present withou
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: validate HE operation element parsing
Validate that the HE operation element has the correct
length before parsing
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration
link_id is taken from the ML Reconfiguration element (control
In the Linux kernel, the following vulnerability has been resolved:
iwlwifi: mei: fix potential NULL-ptr deref
If SKB allocation fails, continue rather than using the NULL
pointer.
Coverity CID: 14
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: increase scan_ies_len for S1G
Currently the S1G capability element is not taken into account
for the scan_ies_len,
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
Set the size to 6 instead of 2, since 'para' array is passe
In the Linux kernel, the following vulnerability has been resolved:
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
The "exc->key_len" is a u16 that comes from the user. If i
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921: fix a potential clc buffer length underflow
The buf_len is used to limit the iterations for retrieving the cou
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: fix linked list corruption
Never leave scheduled wcid entries on the temporary on-stack list
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: fix 6 GHz scan construction
If more than 255 colocated APs exist for the set of all
APs found during 2.4/5 GHz
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: avoid reading out of bounds when loading TX power FW elements
Because the loop-expression will do one more time befor
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Avoid stack buffer overflow from kernel cmdline
While the kernel command line is considered trusted in most environment
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: don't trust firmware n_channels
If the firmware sends us a corrupted MCC response with
n_channels much larger
Page 1+ Next →