summaryrefslogtreecommitdiff
path: root/mm
diff options
context:
space:
mode:
authorAlan Stern <stern@rowland.harvard.edu>2017-12-12 22:25:13 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2017-12-13 14:28:43 +0300
commit48a4ff1c7bb5a32d2e396b03132d20d552c0eca7 (patch)
tree4cb8b7afc26ba9e3ad44425f393baa08715c4852 /mm
parentcf4df407e0d7cde60a45369c2a3414d18e2d4fdd (diff)
downloadlinux-48a4ff1c7bb5a32d2e396b03132d20d552c0eca7.tar.xz
USB: core: prevent malicious bNumInterfaces overflow
A malicious USB device with crafted descriptors can cause the kernel to access unallocated memory by setting the bNumInterfaces value too high in a configuration descriptor. Although the value is adjusted during parsing, this adjustment is skipped in one of the error return paths. This patch prevents the problem by setting bNumInterfaces to 0 initially. The existing code already sets it to the proper value after parsing is complete. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Reported-by: Andrey Konovalov <andreyknvl@google.com> CC: <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'mm')
0 files changed, 0 insertions, 0 deletions