iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b8b6069cf2
linux/drivers/usb/misc
History
Jann Horn f1e255d60a USB: yurex: fix out-of-bounds uaccess in read handler 
In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.

Fix it by using simple_read_from_buffer() instead of custom logic.

Fixes: 6bc235a2e2 ("USB: add driver for Meywa-Denki & Kayac YUREX")
Signed-off-by: Jann Horn <jannh@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-06 17:21:34 +02:00
..
sisusbvga treewide: Use array_size() in vmalloc() 2018-06-12 16:19:22 -07:00
adutux.c USB: adutux: Add waiting in transfer abortion 2018-03-09 09:37:10 -08:00
appledisplay.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
chaoskey.c USB: chaoskey: Use kasprintf() over strcpy()/strcat() 2018-02-22 15:17:05 +01:00
cypress_cy7c63.c USB: move many drivers to use DEVICE_ATTR_RW 2018-01-24 08:49:51 +01:00
cytherm.c USB: misc: fix up some remaining DEVICE_ATTR() usages 2018-01-24 08:49:52 +01:00
ehset.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
emi26.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
emi62.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
ezusb.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
ftdi-elan.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
idmouse.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
iowarrior.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
isight_firmware.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
Kconfig usb: usb251xb: Add USB2517i specific struct and IDs 2017-11-01 17:14:21 +01:00
ldusb.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
legousbtower.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
lvstest.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rio500_usb.h USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
rio500.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
trancevibrator.c USB: move many drivers to use DEVICE_ATTR_RW 2018-01-24 08:49:51 +01:00
usb251xb.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
usb3503.c usb: misc: usb3503: make sure reset is low for at least 100us 2018-01-11 18:39:52 +01:00
usb4604.c USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
usb_u132.h USB: misc: Remove redundant license text 2017-11-04 11:55:38 +01:00
usblcd.c USB: add SPDX identifiers to all remaining files in drivers/usb/ 2017-11-04 11:48:02 +01:00
usbsevseg.c USB: misc: fix up some remaining DEVICE_ATTR() usages 2018-01-24 08:49:52 +01:00
usbtest.c usb: usbtest: Remove stack VLA usage 2018-03-09 09:10:22 -08:00
uss720.c USB: misc: uss720: more vendor/product ID's 2018-03-20 12:27:34 +01:00
yurex.c USB: yurex: fix out-of-bounds uaccess in read handler 2018-07-06 17:21:34 +02:00