Vigil@nce - Linux kernel: buffer overflow of the prima WLAN driver
March 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow in the prima WLAN
driver of the Linux kernel, in order to trigger a denial of
service, and possibly to run code.
Impacted products: Linux.
Severity: 2/4.
Creation date: 26/01/2016.
DESCRIPTION OF THE VULNERABILITY
The Linux driver prima WLAN is used in some Android based devices.
The ioctl system call is used for special operations like setting
or getting interface parameters. However, the command numbered
0x8bf7 of this driver does not rightly check its parameters. If
the size of data is greater than the size of the storage array, an
overflow occurs.
An attacker can therefore generate a buffer overflow in the prima
WLAN driver of the Linux kernel, in order to trigger a denial of
service, and possibly to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Linux-kernel-buffer-overflow-of-the-prima-WLAN-driver-18817