HomeDefault status
unaffected
8ca4cdef93297c9b9bf08da39bc940bd20acbb94 (git) before 9765d6eb8298b07d499cdf9ef7c237d3540102d6
affected
8ca4cdef93297c9b9bf08da39bc940bd20acbb94 (git) before 90a15ff324645aa806d81fa349497cd964861b66
affected
8ca4cdef93297c9b9bf08da39bc940bd20acbb94 (git) before dd39edb445f07400e748da967a07d5dca5c5f96e
affected
Default status
affected
6.9
affected
Any version before 6.9
unaffected
6.12.64 (semver)
unaffected
6.18.4 (semver)
unaffected
6.19 (original_commit_for_fix)
unaffected
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less than MAX_TID_COUNT. Othwerwise, UBSAN warn: UBSAN: array-index-out-of-bounds in drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c:514:30 index 10 is out of range for type 'rtl_tid_data [9]'
Product status
8ca4cdef93297c9b9bf08da39bc940bd20acbb94 (git) before 9765d6eb8298b07d499cdf9ef7c237d3540102d6
8ca4cdef93297c9b9bf08da39bc940bd20acbb94 (git) before 90a15ff324645aa806d81fa349497cd964861b66
8ca4cdef93297c9b9bf08da39bc940bd20acbb94 (git) before dd39edb445f07400e748da967a07d5dca5c5f96e
6.9
Any version before 6.9
6.12.64 (semver)
6.18.4 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/9765d6eb8298b07d499cdf9ef7c237d3540102d6
git.kernel.org/...c/90a15ff324645aa806d81fa349497cd964861b66
git.kernel.org/...c/dd39edb445f07400e748da967a07d5dca5c5f96e