[PATCH v2 0/3] wifi: wcn36xx: fix OOB reads and heap overflow from firmware responses
Jeff Johnson
jeff.johnson at oss.qualcomm.com
Thu Apr 16 09:25:05 PDT 2026
On 4/15/2026 3:37 PM, Tristan Madani wrote:
> From: Tristan Madani <tristan at talencesecurity.com>
>
> Hi Loic,
>
> Note: this is a v2 resubmission. The original was sent via Gmail which
> caused HTML rendering issues. This version uses git send-email for
> proper plain-text formatting.
>
> Three issues in wcn36xx HAL firmware response handling, including a heap
> overflow in the main response dispatcher:
>
> Proposed fixes in the following patches.
>
> Thanks,
> Tristan
Are you able to cause these issues to occur?
My expectation is that this is testing things that firmware will never do, and
hence this adds code and processing with no actual benefit.
/jeff
More information about the wcn36xx
mailing list