Felix Fietkau <nbd@nbd.name> wrote:
If the hardware receives an oversized packet with too many rx fragments, skb_shinfo(skb)->frags can overflow and corrupt memory of adjacent pages. This becomes especially visible if it corrupts the freelist pointer of a slab page.
Cc: stable@vger.kernel.org
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Patch applied to wireless-drivers.git, thanks.
b102f0c522cf mt76: fix array overflow on receiving too many fragments for a packet
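
The overflow condition described in the commit message, as an added user-space model that is not part of this thread and is not the mt76 patch: a per-packet fragment array of fixed capacity, with a guard that refuses to write past it. The struct and function names, the capacity constant, the canary field and the drop-whole-packet policy are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

#define MODEL_MAX_FRAGS 17   /* constructed capacity of the model's fragment array */

struct frag { const void *page; unsigned int off, len; };

/* Model of per-packet shared info: a fixed array with other data right after it. */
struct pkt_info {
    unsigned int nr_frags;
    struct frag frags[MODEL_MAX_FRAGS];
    unsigned long canary;    /* stands in for whatever lies after the array */
};

/* Append one rx fragment; refuse when the array is full instead of writing past it. */
static bool pkt_add_frag(struct pkt_info *pi, const void *page,
                         unsigned int off, unsigned int len)
{
    if (pi->nr_frags >= MODEL_MAX_FRAGS)
        return false;
    pi->frags[pi->nr_frags++] = (struct frag){ page, off, len };
    return true;
}

/*
 * Reassemble a packet from n fragments reported by the hardware.
 * Returns the number of fragments attached, or -1 if the packet needed
 * more fragments than the array holds and was dropped (assumed policy).
 */
static int pkt_reassemble(struct pkt_info *pi, const struct frag *rx, size_t n)
{
    memset(pi, 0, sizeof(*pi));
    pi->canary = 0xC0FFEEUL;
    for (size_t i = 0; i < n; i++) {
        if (!pkt_add_frag(pi, rx[i].page, rx[i].off, rx[i].len)) {
            pi->nr_frags = 0;   /* drop the whole packet, not just the excess */
            return -1;
        }
    }
    return (int)pi->nr_frags;
}
```

Without the capacity check in `pkt_add_frag`, the 18th fragment would be written over `canary`, which is the model's stand-in for the adjacent memory the commit message describes.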