diff options
author | shreerag <shreerag@google.com> | 2017-09-29 17:13:11 -0700 |
---|---|---|
committer | shreerag <shreerag@google.com> | 2017-10-02 10:38:43 -0700 |
commit | 7ef52f3fafca0d232649e3b330bfc45f692e2416 (patch) | |
tree | 81d4eed6f8534d307e07f2de4bcad1863e65c7df | |
parent | f2d9cf66728a1b7626e5e8e46ce20acd1fcd3f38 (diff) | |
download | wlan-7ef52f3fafca0d232649e3b330bfc45f692e2416.tar.gz |
bcm4343: Fix remote code excution vulnerability
Android Security Bulletin 2017#07
Broadcom component Device Specific patches
The vulnerability exists in the function wlc_bss_parse_wme_ie.
The specific flaw is a buffer overflow when parsing the WME IE
in the Association Response from an access point,
allowing a buffer overflow and code execution.
This fix is designed to add length validation to the WME IE parsing.
CVE-2017-9417
Reference: A-38041027 (B-RB#123023)
Bug: 64606503
Change-Id: I13ef70ccd50237f029801ff699bac50008b7bd78
-rw-r--r-- | bcmdhd/firmware/bcm4343/fw_bcm4343_a1.bin | bin | 326103 -> 326651 bytes |
-rw-r--r-- | bcmdhd/firmware/bcm4343/fw_bcm4343_a1_apsta.bin | bin | 297860 -> 298408 bytes |
2 files changed, 0 insertions, 0 deletions
diff --git a/bcmdhd/firmware/bcm4343/fw_bcm4343_a1.bin b/bcmdhd/firmware/bcm4343/fw_bcm4343_a1.bin Binary files differindex 643a886..dec41dc 100644 --- a/bcmdhd/firmware/bcm4343/fw_bcm4343_a1.bin +++ b/bcmdhd/firmware/bcm4343/fw_bcm4343_a1.bin diff --git a/bcmdhd/firmware/bcm4343/fw_bcm4343_a1_apsta.bin b/bcmdhd/firmware/bcm4343/fw_bcm4343_a1_apsta.bin Binary files differindex e644e90..1748d33 100644 --- a/bcmdhd/firmware/bcm4343/fw_bcm4343_a1_apsta.bin +++ b/bcmdhd/firmware/bcm4343/fw_bcm4343_a1_apsta.bin |