Re: [PATCH] wifi: brcmfmac: cyw: fix heap overflow on a short auth frame
From: Arend van Spriel
Date: Mon Jul 06 2026 - 15:09:26 EST
On Sat, 27 Jun 2026 21:13:13 +0800, Maoyi Xie wrote:
> brcmf_notify_auth_frame_rx() takes the frame length from the firmware
> event and copies the frame body with the management header offset
> subtracted:
[...]
> Reject frames shorter than the management header offset before the copy.
>
> Fixes: 66f909308a7c ("wifi: brcmfmac: cyw: support external SAE authentication in station mode")
> Link: https://lore.kernel.org/r/178214417708.2368577.16740907093694208834@xxxxxxxxxxxx
> Cc: stable@xxxxxxxxxxxxxxx
> Co-developed-by: Kaixuan Li <kaixuan.li@xxxxxxxxxx>
> Signed-off-by: Kaixuan Li <kaixuan.li@xxxxxxxxxx>
> Signed-off-by: Maoyi Xie <maoyixie.tju@xxxxxxxxx>
> ---
> .../broadcom/brcm80211/brcmfmac/cyw/core.c | 6 ++++++
> 1 file changed, 6 insertions(+)
Nit: the Link: tag in the commit message is normally added by the
maintainer at apply time, not by the submitter. Please drop it.
Acked-by: Arend van Spriel <arend.vanspriel@xxxxxxxxxxxx>
Regards,
Arend