4340 – CVE-2023-23559

Bug 4340 - CVE-2023-23559

Summary: CVE-2023-23559

Status:	RESOLVED FIXED

Alias:	None

Product:	ANCK 4.19 Dev
Classification:	ANCK
Component:	drivers (show other bugs)	drivers
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	GuixinLiu
QA Contact:	shuming

URL:
Whiteboard:
Keywords:	CVE

Depends on:
Blocks:

Reported:	2023-03-03 16:20 UTC by hujian1
Modified:	2023-07-05 15:38 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description hujian1 2023-03-03 16:20:47 UTC

Description:
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

Upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/?id=b870e73a56c4cccbec33224233eaf295839f228c&id2=ed05cb177ae5cd7f02f1d6e7706ba627d30f1696
https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/

Comment 1 hujian1 2023-03-03 16:34:09 UTC

Upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c

Comment 2 maqiao alibaba_cloud_group

2023-07-05 15:38:28 UTC

merged: https://gitee.com/anolis/cloud-kernel/pulls/1349