iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
31e0456de5
linux/drivers/usb/core
History
Alan Stern a03ff54460 USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor 
The syzkaller USB fuzzer found a slab-out-of-bounds write bug in the
USB core, caused by a failure to check the actual size of a BOS
descriptor.  This patch adds a check to make sure the descriptor is at
least as large as it is supposed to be, so that the code doesn't
inadvertently access memory beyond the end of the allocated region
when assigning to dev->bos->desc->bNumDeviceCaps later on.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: syzbot+71f1e64501a309fcc012@syzkaller.appspotmail.com
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-21 10:08:55 +02:00
..
buffer.c USB: Removing NULL check for pool since dma_pool_destroy is safe 2018-09-10 20:01:04 +02:00
config.c USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor 2019-05-21 10:08:55 +02:00
devices.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
devio.c usb: core: Replace hardcoded check with inline function from usb.h 2019-02-20 11:29:01 +01:00
driver.c USB: core: Fix bug caused by duplicate interface PM usage counter 2019-04-19 21:15:13 +02:00
endpoint.c USB: core: move existing SPDX tags to top of the file 2017-11-03 10:12:26 +01:00
file.c USB: core: move existing SPDX tags to top of the file 2017-11-03 10:12:26 +01:00
generic.c USB: Fix configuration selection issues introduced in v4.20.0 2019-02-08 10:22:39 +01:00
hcd-pci.c usb: Don't die twice if PCI xhci host is not responding in resume 2018-09-05 14:36:53 +02:00
hcd.c usb: introduce usb_ep_type_string() function 2019-05-03 09:13:48 +03:00
hub.c USB: changes for v5.2 merge window 2019-05-03 18:05:27 +02:00
hub.h usb: hub: add retry routine after intr URB submit error 2019-01-18 09:58:04 +01:00
Kconfig usb: core: make default autosuspend delay configurable 2019-03-01 20:53:41 +01:00
ledtrig-usbport.c USB: leds: fix regression in usbport led trigger 2019-01-18 09:55:05 +01:00
Makefile usb: core: add a wrapper for the USB PHYs on the HCD 2018-03-09 09:43:53 -08:00
message.c USB: core: Fix unterminated string returned by usb_string() 2019-04-16 12:23:01 +02:00
notify.c USB: core: move existing SPDX tags to top of the file 2017-11-03 10:12:26 +01:00
of.c usb: Change usb_of_get_companion_dev() place to usb/common 2018-09-10 20:40:29 +02:00
otg_whitelist.h USB: core: Remove redundant license text 2017-11-04 11:55:39 +01:00
phy.c usb: core: comply to PHY framework 2019-01-30 09:22:35 +01:00
phy.h usb: core: comply to PHY framework 2019-01-30 09:22:35 +01:00
port.c usb: export firmware port location in sysfs 2018-10-02 12:05:30 -07:00
quirks.c USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB 2019-01-07 17:29:28 +01:00
sysfs.c USB: Add new USB LPM helpers 2019-01-18 10:02:56 +01:00
urb.c USB: core: urb: Use struct_size() in kmalloc() 2019-01-08 16:46:46 +01:00
usb-acpi.c usb: assign ACPI companions for embedded USB devices 2019-01-25 08:46:26 +01:00
usb.c usb: core: make default autosuspend delay configurable 2019-03-01 20:53:41 +01:00
usb.h USB: Add new USB LPM helpers 2019-01-18 10:02:56 +01:00