bcm4343: Fix remote code excution vulnerability
Android Security Bulletin 2017#07
Broadcom component Device Specific patches
The vulnerability exists in the function wlc_bss_parse_wme_ie.
The specific flaw is a buffer overflow when parsing the WME IE
in the Association Response from an access point,
allowing a buffer overflow and code execution.
This fix is designed to add length validation to the WME IE parsing.
CVE-2017-9417
Reference: A-38041027 (B-RB#123023)
Bug: 64606503
Change-Id: I13ef70ccd50237f029801ff699bac50008b7bd78
2 files changed