[Buildroot] [PATCH] package/wpa_supplicant: add upstream 2021-1 security fix

Peter Korsgaard peter at korsgaard.com
Sun Mar 14 20:32:46 UTC 2021


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issue:
 > - wpa_supplicant P2P provision discovery processing vulnerability (no CVE
 >   yet)

 > A vulnerability was discovered in how wpa_supplicant processes P2P
 > (Wi-Fi Direct) provision discovery requests. Under a corner case
 > condition, an invalid Provision Discovery Request frame could end up
 > reaching a state where the oldest peer entry needs to be removed. With
 > a suitably constructed invalid frame, this could result in use
 > (read+write) of freed memory. This can result in an attacker within
 > radio range of the device running P2P discovery being able to cause
 > unexpected behavior, including termination of the wpa_supplicant process
 > and potentially code execution.

 > For more details, see the advisory:
 > https://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list