iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers
History
Marcin Kozlowski afb8e24652 net: usb: aqc111: Fix out-of-bounds accesses in RX fixup 
aqc111_rx_fixup() contains several out-of-bounds accesses that can be
triggered by a malicious (or defective) USB device, in particular:

 - The metadata array (desc_offset..desc_offset+2*pkt_count) can be out of bounds,
   causing OOB reads and (on big-endian systems) OOB endianness flips.
 - A packet can overlap the metadata array, causing a later OOB
   endianness flip to corrupt data used by a cloned SKB that has already
   been handed off into the network stack.
 - A packet SKB can be constructed whose tail is far beyond its end,
   causing out-of-bounds heap data to be considered part of the SKB's
   data.

Found doing variant analysis. Tested it with another driver (ax88179_178a), since
I don't have a aqc111 device to test it, but the code looks very similar.

Signed-off-by: Marcin Kozlowski <marcinguy@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-04-06 15:22:49 +01:00
..
accessibility
acpi
libnvdimm for 5.18
2022-03-30 10:04:11 -07:00
amba
android
ata
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
atm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-03-17 13:56:58 -07:00
auxdisplay
base
Device properties code update for 5.18-rc1
2022-03-29 11:30:12 -07:00
bcma
Core MTD changes:
2022-03-25 13:35:34 -07:00
block
xen: branch for v5.18-rc1
2022-03-28 14:32:39 -07:00
bluetooth
Bluetooth: ath3k: remove superfluous header files
2022-03-18 17:12:09 +01:00
bus
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
cdrom
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
char
dma-mapping updates for Linux 5.18
2022-03-29 08:50:14 -07:00
clk
There's one large change in the core clk framework here. We change how
2022-03-30 10:11:04 -07:00
clocksource
asm-generic updates for 5.18
2022-03-23 18:03:08 -07:00
comedi
connector
counter
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
cpufreq
Merge branch 'cpufreq/arm/linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm
2022-03-22 12:15:47 +01:00
cpuidle
ARM driver updates for 5.18
2022-03-23 18:23:13 -07:00
crypto
This push fixes the following issues:
2022-03-31 11:17:39 -07:00
cxl
cxl/core/port: Fix NULL but dereferenced coccicheck error
2022-03-22 10:51:17 -07:00
dax
dax for 5.18
2022-03-24 18:12:09 -07:00
dca
devfreq
dio
dma
dmaengine updates for v5.18-rc1
2022-03-30 10:54:49 -07:00
dma-buf
edac
Merge branch 'edac-amd64' into edac-updates-for-v5.18
2022-03-21 10:34:57 +01:00
eisa
extcon
firewire
firmware
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
fpga
fsi
gnss
gpio
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
gpu
xen: branch for v5.18-rc1
2022-03-28 14:32:39 -07:00
greybus
hid
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
2022-03-25 12:22:16 -07:00
hsi
hv
hyperv-next for 5.18
2022-03-24 12:30:37 -07:00
hwmon
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
hwspinlock
hwtracing
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
i2c
Merge branch 'i2c/for-mergewindow' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2022-03-26 12:46:08 -07:00
i3c
idle
cpuidle: intel_idle: Drop redundant backslash at line end
2022-03-17 14:32:59 +01:00
iio
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
infiniband
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
input
xen: branch for v5.18-rc1
2022-03-28 14:32:39 -07:00
interconnect
iommu
dma-mapping updates for Linux 5.18
2022-03-29 08:50:14 -07:00
ipack
irqchip
asm-generic updates for 5.18
2022-03-23 18:03:08 -07:00
isdn
mISDN: fix typo "frame to short" -> "frame too short"
2022-03-21 13:26:38 +00:00
leds
LED updates for 5.18-rc1. Nothing major here, there are two drivers
2022-03-27 14:09:48 -07:00
macintosh
mailbox
mcb
md
Driver core changes for 5.18-rc1
2022-03-28 12:41:28 -07:00
media
drm for 5.18-rc1
2022-03-24 16:19:43 -07:00
memory
ARM driver updates for 5.18
2022-03-23 18:23:13 -07:00
memstick
message
mfd
- New Drivers
2022-03-25 13:56:18 -07:00
misc
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
mmc
TTY/Serial driver changes for 5.18-rc1
2022-03-28 13:00:51 -07:00
most
mtd
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
mux
net
net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
2022-04-06 15:22:49 +01:00
nfc
spi: Updates for v5.18
2022-03-21 18:33:57 -07:00
ntb
nubus
nvdimm
libnvdimm for 5.18
2022-03-30 10:04:11 -07:00
nvme
for-5.18/64bit-pi-2022-03-25
2022-03-26 12:01:35 -07:00
nvmem
nvmem: brcm_nvram: parse NVRAM content into NVMEM cells
2022-03-18 14:08:36 +01:00
of
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
opp
parisc
parisc: Fix CPU affinity for Lasi, WAX and Dino chips
2022-03-29 21:37:12 +02:00
parport
parport_pc: Also enable driver for PCI systems
2022-03-18 14:01:41 +01:00
pci
xen: branch for v5.18-rc1
2022-03-28 14:32:39 -07:00
pcmcia
peci
perf
RISC-V Patches for the 5.18 Merge Window, Part 1
2022-03-25 10:11:38 -07:00
phy
phy: PHY_FSL_LYNX_28G should depend on ARCH_LAYERSCAPE
2022-03-29 08:45:16 -07:00
pinctrl
Pin control bulk changes for the v5.18 kernel cycle
2022-03-28 11:52:53 -07:00
platform
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
pnp
PNP update for 5.18-rc1
2022-03-21 14:46:01 -07:00
power
Driver core changes for 5.18-rc1
2022-03-28 12:41:28 -07:00
powercap
pps
pps: generators: pps_gen_parport: Switch to use module_parport_driver()
2022-03-18 14:01:19 +01:00
ps3
ptp
ptp: ocp: handle error from nvmem_device_find
2022-03-30 12:08:11 -07:00
pwm
rapidio
ras
regulator
regulator: Fixes for v5.18
2022-03-30 10:58:28 -07:00
remoteproc
remoteproc updates for v5.18
2022-03-30 10:50:48 -07:00
reset
rpmsg
rtc
- New Drivers
2022-03-25 13:56:18 -07:00
s390
s390 updates for the 5.18 merge window
2022-03-25 10:01:34 -07:00
sbus
scsi
xen: branch for v5.18-rc1
2022-03-28 14:32:39 -07:00
sh
siox
slimbus
soc
Networking changes for 5.18.
2022-03-24 13:13:26 -07:00
soundwire
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
spi
Core MTD changes:
2022-03-25 13:35:34 -07:00
spmi
ssb
staging
Staging driver update for 5.18-rc1
2022-03-28 12:50:50 -07:00
target
SCSI misc on 20220324
2022-03-24 19:37:53 -07:00
tc
tee
ARM driver updates for 5.18
2022-03-23 18:23:13 -07:00
thermal
Merge branch 'thermal-hfi'
2022-03-18 19:00:26 +01:00
thunderbolt
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
tty
TTY/Serial driver changes for 5.18-rc1
2022-03-28 13:00:51 -07:00
uio
usb
xen: branch for v5.18-rc1
2022-03-28 14:32:39 -07:00
vdpa
IOMMU Updates for Linux v5.18
2022-03-24 19:48:57 -07:00
vfio
vhost
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2022-03-17 13:56:58 -07:00
video
Driver core changes for 5.18-rc1
2022-03-28 12:41:28 -07:00
virt
Char/Misc and other driver updates for 5.18-rc1
2022-03-28 12:27:35 -07:00
virtio
mm: enforce pageblock_order < MAX_ORDER
2022-03-22 15:57:06 -07:00
visorbus
vlynq
vme
w1
w1: w1_therm: Add support for Maxim MAX31850 thermoelement IF.
2022-03-18 14:07:09 +01:00
watchdog
- New Drivers
2022-03-25 13:56:18 -07:00
xen
xen: don't hang when resuming PCI device
2022-03-25 14:22:15 -05:00
zorro
Kconfig
Makefile