git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Stefan Ghinea <stefan.ghinea@windriver.com>
	Wed, 3 Mar 2021 18:53:08 +0000 (20:53 +0200)
committer	Anuj Mittal <anuj.mittal@intel.com>
	Wed, 10 Mar 2021 02:12:59 +0000 (10:12 +0800)
commit	5dc8a0a3a22add1e0bb9970c37d014b4abbca049
tree	eb0a9062a8810f9fe66e35a848e9727885dd32f4	tree \| snapshot
parent	0c6dfc8a04c5048f395765d50b3fe4ba8a36c4c6	commit \| diff

wpa-supplicant: fix CVE-2021-27803

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant
before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests.
It could result in denial of service or other impact (potentially
execution of arbitrary code), for an attacker within radio range.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-27803

Upstream patches:
https://w1.fi/cgit/hostap/commit/?id=8460e3230988ef2ec13ce6b69b687e941f6cdb32

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 81e4260b83c52558c320fd7d1c1eafcb312ad6be)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2021-27803.patch	[new file with mode: 0644]	blob
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb		diff \| blob \| blame \| history