An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. Reference: Upstream commit:

Created kernel tracking bugs for this issue: Affects:….

Source link

You must be logged in to post a comment.