From bippy-c9c4e1df01b2 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: fix buffer overflow in elem comparison

For vendor elements, the code here assumes that 5 octets
are present without checking. Since the element itself is
already checked to fit, we only need to check the length.

The Linux kernel CVE team has assigned CVE-2022-49023 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.1 with commit 0b8fb8235be8 and fixed in 5.4.226 with commit f5c2ec288a86
	Issue introduced in 5.1 with commit 0b8fb8235be8 and fixed in 5.10.158 with commit 9e6b79a3cd17
	Issue introduced in 5.1 with commit 0b8fb8235be8 and fixed in 5.15.82 with commit 88a6fe370788
	Issue introduced in 5.1 with commit 0b8fb8235be8 and fixed in 6.0.12 with commit 391cb8725536
	Issue introduced in 5.1 with commit 0b8fb8235be8 and fixed in 6.1 with commit 9f16b5c82a02

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49023
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/wireless/scan.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/f5c2ec288a865dbe3706b09bed12302e9f6d696b
	https://git.kernel.org/stable/c/9e6b79a3cd17620d467311b30d56f2648f6880aa
	https://git.kernel.org/stable/c/88a6fe3707888bd1893e9741157a7035c4159ab6
	https://git.kernel.org/stable/c/391cb872553627bdcf236c03ee7d5adb275e37e1
	https://git.kernel.org/stable/c/9f16b5c82a025cd4c864737409234ddc44fb166a