Hi Shuah, Thanks a lot for the quick fixes.
Please, use this email address: v...@secunia.com We have assigned the following CVEs to the issues: CVE-2017-16911 usbip: prevent vhci_hcd driver from leaking a socket pointer address CVE-2017-16912 usbip: fix stub_rx: get_pipe() to validate endpoint number CVE-2017-16913 usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input CVE-2017-16914 usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer Please, let me know if we should proceed with a coordinated disclosure. I'm not quite sure how many distros / downstreams actually use this functionality. Best Regards, Jakub -----Original Message----- From: Shuah Khan [mailto:shua...@osg.samsung.com] Sent: Thursday, December 7, 2017 10:17 PM To: sh...@kernel.org; valentina.mane...@gmail.com; gre...@linuxfoundation.org Cc: Shuah Khan <shua...@osg.samsung.com>; linux-...@vger.kernel.org; linux-kernel@vger.kernel.org; v...@secunia.com Subject: [PATCH 0/4] USB over IP Secuurity fixes Jakub Jirasek from Secunia Research at Flexera reported security vulnerabilities in the USB over IP driver. This patch series all the 4 reported problems. Jakub, could you please suggest an email address I can use for the Reported-by tag? Shuah Khan (4): usbip: fix stub_rx: get_pipe() to validate endpoint number usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input usbip: prevent vhci_hcd driver from leaking a socket pointer address usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer drivers/usb/usbip/stub_rx.c | 51 +++++++++++++++++++++++++++++------- drivers/usb/usbip/stub_tx.c | 7 +++++ drivers/usb/usbip/usbip_common.h | 1 + drivers/usb/usbip/vhci_sysfs.c | 25 +++++++++++------- tools/usb/usbip/libsrc/vhci_driver.c | 8 +++--- 5 files changed, 69 insertions(+), 23 deletions(-) -- 2.14.1
