From 7ef52f3fafca0d232649e3b330bfc45f692e2416 Mon Sep 17 00:00:00 2001
From: shreerag <shreerag@google.com>
Date: Fri, 29 Sep 2017 17:13:11 -0700
Subject: bcm4343: Fix remote code excution vulnerability

Android Security Bulletin 2017#07
Broadcom component Device Specific patches

The vulnerability exists in the function wlc_bss_parse_wme_ie.
The specific flaw is a buffer overflow when parsing the WME IE
 in the Association Response from an access point,
 allowing a buffer overflow and code execution.
This fix is designed to add length validation to the WME IE parsing.

CVE-2017-9417
Reference: A-38041027 (B-RB#123023)

Bug: 64606503
Change-Id: I13ef70ccd50237f029801ff699bac50008b7bd78
---
 bcmdhd/firmware/bcm4343/fw_bcm4343_a1.bin       | Bin 326103 -> 326651 bytes
 bcmdhd/firmware/bcm4343/fw_bcm4343_a1_apsta.bin | Bin 297860 -> 298408 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

(limited to 'bcmdhd')

diff --git a/bcmdhd/firmware/bcm4343/fw_bcm4343_a1.bin b/bcmdhd/firmware/bcm4343/fw_bcm4343_a1.bin
index 643a886..dec41dc 100644
Binary files a/bcmdhd/firmware/bcm4343/fw_bcm4343_a1.bin and b/bcmdhd/firmware/bcm4343/fw_bcm4343_a1.bin differ
diff --git a/bcmdhd/firmware/bcm4343/fw_bcm4343_a1_apsta.bin b/bcmdhd/firmware/bcm4343/fw_bcm4343_a1_apsta.bin
index e644e90..1748d33 100644
Binary files a/bcmdhd/firmware/bcm4343/fw_bcm4343_a1_apsta.bin and b/bcmdhd/firmware/bcm4343/fw_bcm4343_a1_apsta.bin differ
-- 
cgit v1.2.3