CVE-2023-54286

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace<br /> <br /> A received TKIP key may be up to 32 bytes because it may contain<br /> MIC rx/tx keys too. These are not used by iwl and copying these<br /> over overflows the iwl_keyinfo.key field.<br /> <br /> Add a check to not copy more data to iwl_keyinfo.key then will fit.<br /> <br /> This fixes backtraces like this one:<br /> <br /> memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.key" at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 (size 16)<br /> WARNING: CPU: 1 PID: 946 at drivers/net/wireless/intel/iwlwifi/dvm/sta.c:1103 iwlagn_send_sta_key+0x375/0x390 [iwldvm]<br /> <br /> Hardware name: Dell Inc. Latitude E6430/0H3MT5, BIOS A21 05/08/2017<br /> RIP: 0010:iwlagn_send_sta_key+0x375/0x390 [iwldvm]<br /> <br /> Call Trace:<br /> <br /> iwl_set_dynamic_key+0x1f0/0x220 [iwldvm]<br /> iwlagn_mac_set_key+0x1e4/0x280 [iwldvm]<br /> drv_set_key+0xa4/0x1b0 [mac80211]<br /> ieee80211_key_enable_hw_accel+0xa8/0x2d0 [mac80211]<br /> ieee80211_key_replace+0x22d/0x8e0 [mac80211]<br />