Ajay Kathat

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.0.11 **Description** The issue is related to the WILC1000 wireless driver in the Linux kernel, where missing validation of `IEEE80211 P2P ATTR CHANNEL LIST` in `drivers/net/wireless/microchip/wilc1000/cfg80211.c` can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames. This can potentially allow an attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Linux kernel versions prior to 6.0.11, update to version 6.0.11 or later to resolve the issue. As a temporary workaround, consider disabling the WILC1000 wireless driver until a patch is available. Restrict access to the vulnerable `cfg80211.c` module to minimize the risk of exploitation. Avoid using the `IEEE80211 P2P ATTR CHANNEL LIST` attribute in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.0.11 **Description** The issue is related to the WILC1000 wireless driver in the Linux kernel, specifically with the missing validation of `IEEE80211 P2P ATTR OPER CHANNEL` in the `cfg80211.c` file. This can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames, potentially allowing an attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Linux kernel versions prior to 6.0.11, update to version 6.0.11 or later to resolve the issue. As a temporary workaround, consider disabling the WILC1000 wireless driver until a patch is available. Restrict access to the vulnerable `cfg80211.c` file to minimize the risk of exploitation. Avoid using the `IEEE80211 P2P ATTR OPER CHANNEL` attribute in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.0.11 **Description** An issue in the Linux kernel's WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet, potentially allowing an attacker to cause a denial of service or elevate privileges. **Recommendations** For Linux kernel versions prior to 6.0.11, update to version 6.0.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the `hif.c` file in the `drivers/net/wireless/microchip/wilc1000` directory to minimize the risk of exploitation. Avoid using the `RSN` information element in Netlink packets until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.0.11 **Description** An issue in the Linux kernel's WILC1000 wireless driver is related to a heap-based buffer overflow. This occurs due to missing validation of the number of channels when copying the list of operating channels from Wi-Fi management frames. The exploitation of this issue can allow an attacker to execute arbitrary code or cause a denial of service. **Recommendations** For Linux kernel versions prior to 6.0.11, update to version 6.0.11 or later to resolve the issue. As a temporary workaround, consider disabling the WILC1000 wireless driver until a patch is available. Restrict access to the `cfg80211.c` module in the WILC1000 driver to minimize the risk of exploitation. Avoid using the vulnerable function related to channel validation in the affected driver until the issue is resolved.