| author | lingsen1 <lingsen1@lenovo.com> | 2018-04-25 16:52:28 +0800 |
|---|---|---|
| committer | Moyster <oysterized@gmail.com> | 2019-07-20 13:03:14 +0200 |
| commit | 09d9186d9ecface67bb121aebda7cdff67e76b15 (patch) | |
| tree | 06048b95200d55ed2341958b4143ce7715f7e91d | |
| parent | 29c5f398800d3b8ce6b21f249dfe68b217ba0723 (diff) | |
(CR) ALPS03877842(For_mt6737m_35_n1_alps-mp-n1.mp1-V1_P113)
Patch Type:
Customer Request
CR ID:
ALPS03877842
Severity:
Description:
[Patch Request] [PMS] mt, Project: mt6737M_35_N1, SW Version: alps-mp-n1.mp1-V1N/A
Associated Files:
device/mt/mt6737m_35_n1/ProjectConfig.mk
vendor/mt/libs/libmtk-art-runtime/arm/libmtk-art-runtime.a
Patch Type:
Customer Request
CR ID:
ALPS03683903
Severity:
Critical
Description:
[Buganizer]Security Vulnerability Issue 70515752 - [An***d GO Pen***ing] Mediatek Preloader Allows Arbitrary Peripheral Memory Reads and Writes
[[Title fo***ustomer]]
[Buganizer]Security Vulnerability Issue 70515752 - [An***d GO Pen***ing] Mediatek Preloader Allows Arbitrary Peripheral Memory Reads and Writes
[[Problem Description]]
[Buganizer]Security Vulnerability Issue 70515752 - [An***d GO Pen***ing] Mediatek Preloader Allows Arbitrary Peripheral Memory Reads and Writes
[[Potential Impa*** of the solution]]
No
[[Modules to be verified after taking p***h]]
No
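[[Problem Title]]
[Buganizer]Security Vulnerability Issue 70515752 - [An***d GO Pen***ing] Mediatek Preloader Allows Arbitrary Peripheral Memory Reads and Writes
[[Problem Symptom]]
[Buganizer]Security Vulnerability Issue 70515752 - [An***d GO Pen***ing] Mediatek Preloader Allows Arbitrary Peripheral Memory Reads and Writes
[[Potential Impact of the Solution]]
(Please fill in below this line, describing any trade-off changes that merging this p***h may bring, such as reduced perfo******e, UI changes, etc.)
No
[[Modules Suggested for Verification]]
(Please fill in below this line, suggesting which modules or features the customer should verify after merging this p***h)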
NoN/A
Associated Files:
vendor/mediatek/proprietary/bootable/bootloader/preloader/platform/mt6735/src/core/download.c
vendor/mediatek/proprietary/bootable/bootloader/preloader/platform/mt6735/src/core/inc/download.h
vendor/mediatek/proprietary/bootable/bootloader/preloader/platform/mt6735/src/drivers/inc/mt6735.h
vendor/mediatek/proprietary/bootable/bootloader/preloader/platform/mt6735/src/security/inc/sec_region.h
vendor/mediatek/proprietary/bootable/bootloader/preloader/platform/mt6735/src/security/sec_region.c
Patch Type:
Customer Request
CR ID:
ALPS03693488
Severity:
Critical
Description:
[Buganizer]Security Vulnerability Issue 70515281 - [An***d GO Pen***ing] Mediatek Preloader “Download Mode” Memory Corruption
[[Title fo***ustomer]]
[Buganizer]Security Vulnerability Issue 70515281 - [An***d GO Pen***ing] Mediatek Preloader Download Mode Memory Corruption
[[Problem Description]]
[Buganizer]Security Vulnerability Issue 70515281 - [An***d GO Pen***ing] Mediatek Preloader Download Mode Memory Corruption
[[Potential Impa*** of the solution]]
no
[[Modules to be verified after taking p***h]]
boot
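[[Problem Title]]
[Buganizer]Security Vulnerability Issue 70515281 - [An***d GO Pen***ing] Mediatek Preloader Download Mode Memory Corruption
[[Problem Symptom]]
[Buganizer]Security Vulnerability Issue 70515281 - [An***d GO Pen***ing] Mediatek Preloader Download Mode Memory Corruption
[[Potential Impact of the Solution]]
(Please fill in below this line, describing any trade-off changes that merging this p***h may bring, such as reduced perfo******e, UI changes, etc.)
no
[[Modules Suggested for Verification]]
(Please fill in below this line, suggesting which modules or features the customer should verify after merging this p***h)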
bootN/A
Associated Files:
vendor/mediatek/proprietary/bootable/bootloader/preloader/platform/mt6735/link_descriptor.ld
vendor/mediatek/proprietary/bootable/bootloader/preloader/platform/mt6735/src/core/partition.c
Patch Type:
Customer Request
CR ID:
ALPS03740330
Severity:
Critical
Description:
[Buganizer]Security Vulnerability Issue 71867247 - [An***d GO Pen***ing] - Remo***emory Corruption in Mediatek WiFi TLDS Frame Parser
[[Title fo***ustomer]]
[Buganizer]Security Vulnerability Issue 71867247 - [An***d GO Pen***ing] - Remo***emory Corruption in Mediatek WiFi TLDS Frame Parser
[[Problem Description]]
[Buganizer]Security Vulnerability Issue 71867247 - [An***d GO Pen***ing] - Remo***emory Corruption in Mediatek WiFi TLDS Frame Parser
[[Potential Impa*** of the solution]]
None
[[Modules to be verified after taking p***h]]
None
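[[Problem Title]]
[Buganizer]Security Vulnerability Issue 71867247 - [An***d GO Pen***ing] - Remo***emory Corruption in Mediatek WiFi TLDS Frame Parser
[[Problem Symptom]]
[Buganizer]Security Vulnerability Issue 71867247 - [An***d GO Pen***ing] - Remo***emory Corruption in Mediatek WiFi TLDS Frame Parser
[[Potential Impact of the Solution]]
(Please fill in below this line, describing any trade-off changes that merging this p***h may bring, such as reduced perfo******e, UI changes, etc.)
None
[[Modules Suggested for Verification]]
(Please fill in below this line, suggesting which modules or features the customer should verify after merging this p***h)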
NoneN/A
Associated Files:
kernel-3.18/drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c
Patch Type:
Customer Request
CR ID:
ALPS03862169
Severity:
Critical
Description:
[Google Security P***h][CVE_2017_13311]EoP Vulnerability in ProcessStats
[[Title fo***ustomer]]
[Google Security P***h][CVE_2017_13311]EoP Vulnerability in ProcessStats
[[Problem Description]]
[Google Security P***h][CVE_2017_13311]EoP Vulnerability in ProcessStats
[[Potential Impa*** of the solution]]
None
[[Modules to be verified after taking p***h]]
None
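[[Problem Title]]
[Google Security P***h][CVE_2017_13311]EoP Vulnerability in ProcessStats
[[Problem Symptom]]
[Google Security P***h][CVE_2017_13311]EoP Vulnerability in ProcessStats
[[Potential Impact of the Solution]]
(Please fill in below this line, describing any trade-off changes that merging this p***h may bring, such as reduced perfo******e, UI changes, etc.)
None
[[Modules Suggested for Verification]]
(Please fill in below this line, suggesting which modules or features the customer should verify after merging this p***h)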
NoneN/A
Associated Files:
frameworks/base/core/java/com/android/internal/app/procstats/SparseMappingTable.java
Patch Type:
Customer Request
CR ID:
ALPS03862180
Severity:
Critical
Description:
[Google Security P***h][CVE_2017_13316]ID Vulnerability in Speech recognizer
[[Title fo***ustomer]]
[Google Security P***h][CVE_2017_13316]ID Vulnerability in Speech recognizer
[[Problem Description]]
[Google Security P***h][CVE_2017_13316]ID Vulnerability in Speech recognizer
[[Potential Impa*** of the solution]]
None
[[Modules to be verified after taking p***h]]
None
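[[Problem Title]]
[Google Security P***h][CVE_2017_13316]ID Vulnerability in Speech recognizer
[[Problem Symptom]]
[Google Security P***h][CVE_2017_13316]ID Vulnerability in Speech recognizer
[[Potential Impact of the Solution]]
(Please fill in below this line, describing any trade-off changes that merging this p***h may bring, such as reduced perfo******e, UI changes, etc.)
None
[[Modules Suggested for Verification]]
(Please fill in below this line, suggesting which modules or features the customer should verify after merging this p***h)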
NoneN/A
Associated Files:
frameworks/base/core/java/android/content/PermissionChecker.java
frameworks/base/core/java/android/speech/RecognitionService.java
Patch Type:
Customer Request
CR ID:
ALPS03862195
Severity:
Critical
Description:
[Google Security P***h][CVE_2017_13319]ID/DoS Vulnerability in MP3 codec
[[Title fo***ustomer]]
[Google Security P***h][CVE_2017_13319]ID/DoS Vulnerability in MP3 codec
[[Problem Description]]
[Google Security P***h][CVE_2017_13319]ID/DoS Vulnerability in MP3 codec
[[Potential Impa*** of the solution]]
None
[[Modules to be verified after taking p***h]]
None
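[[Problem Title]]
[Google Security P***h][CVE_2017_13319]ID/DoS Vulnerability in MP3 codec
[[Problem Symptom]]
[Google Security P***h][CVE_2017_13319]ID/DoS Vulnerability in MP3 codec
[[Potential Impact of the Solution]]
(Please fill in below this line, describing any trade-off changes that merging this p***h may bring, such as reduced perfo******e, UI changes, etc.)
None
[[Modules Suggested for Verification]]
(Please fill in below this line, suggesting which modules or features the customer should verify after merging this p***h)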
NoneN/A
Associated Files:
frameworks/av/media/libstagefright/codecs/mp3dec/src/pvmp3_decode_header.cpp
Patch Type:
Customer Request
CR ID:
ALPS03862206
Severity:
Critical
Description:
[Google Security P***h][CVE_2017_16643]ID Vulnerability in USB driver (Device Specific)
[[Title fo***ustomer]]
[Google Security P***h][CVE_2017_16643]ID Vulnerability in USB driver (Device Specific)
[[Problem Description]]
[Google Security P***h][CVE_2017_16643]ID Vulnerability in USB driver (Device Specific)
[[Potential Impa*** of the solution]]
None
[[Modules to be verified after taking p***h]]
None
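[[Problem Title]]
[Google Security P***h][CVE_2017_16643]ID Vulnerability in USB driver (Device Specific)
[[Problem Symptom]]
[Google Security P***h][CVE_2017_16643]ID Vulnerability in USB driver (Device Specific)
[[Potential Impact of the Solution]]
(Please fill in below this line, describing any trade-off changes that merging this p***h may bring, such as reduced perfo******e, UI changes, etc.)
None
[[Modules Suggested for Verification]]
(Please fill in below this line, suggesting which modules or features the customer should verify after merging this p***h)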
NoneN/A
Associated Files:
kernel-3.18/drivers/input/tablet/gtco.c
Change-Id: I584cb0ab7b367a80b61730adea475093ca98f3f4
| -rw-r--r-- | drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c b/drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c index 743247d22..5d2dd0c96 100644 --- a/drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c +++ b/drivers/misc/mediatek/connectivity/wlan/gen2/mgmt/tdls.c @@ -4984,7 +4984,8 @@ VOID TdlsexRxFrameHandle(GLUE_INFO_T *prGlueInfo, UINT8 *pPkt, UINT16 u2PktLen) switch (ucElmId) { case ELEM_ID_HT_CAP: /* 0x2d */ /* backup the HT IE of 1st unhandled setup request frame */ - if (prGlueInfo->rTdlsHtCap.ucId == 0x00) { + if (prGlueInfo->rTdlsHtCap.ucId == 0x00 && + ucElmLen <= sizeof(IE_HT_CAP_T) - 2) { kalMemCopy(prGlueInfo->aucTdlsHtPeerMac, pucPeerMac, 6); kalMemCopy(&prGlueInfo->rTdlsHtCap, pPkt - 2, ucElmLen + 2); |
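Review bot: In the ELEM_ID_HT_CAP case of TdlsexRxFrameHandle, the added condition bounds ucElmLen against the destination only. Nothing in the visible context checks that the ucElmLen + 2 bytes read from pPkt - 2 still lie inside the u2PktLen bytes of the received frame, so the kalMemCopy into rTdlsHtCap could still read past the end of the packet unless the enclosing IE loop already enforces that. Please confirm the loop does, or add a remaining-length check beside this one. The bound would also be easier to audit if it mirrored the copy, for example `ucElmLen + 2 <= sizeof(prGlueInfo->rTdlsHtCap)`, which ties the limit to the actual destination object rather than to the IE_HT_CAP_T type name and an unexplained `- 2`. If the literal stays, a short comment that 2 is the element ID and length octets would help. Finally, because the length test is folded into the `ucId == 0x00` condition, an oversized HT Capabilities element is now skipped silently; a debug log on that path would make malformed setup frames visible in the field.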
