+-- On Fri, 11 Sep 2020, Alexander Bulekov wrote --+ | > On 200911 2257, Li Qiang wrote: | > > Could you also provide the reproducer?
* Sorry, we can not share reproducers on the list, I'm afraid. * Thank you Alex for the -qtests. | > > I think it is better to split this patch to 2 or three as the infinite | > > loop as the buffer overflow are independent. | > > | > > 1. here the infinite loop | > > 2. here the stack buffer overflow | > > 3. Then here is the heap overflow. | > > | > > So I think it can be more easier to review to split this to 3 patches. * These issues are in the same UHCI controller and share the same pattern, triggered while processing ED/TD lists. They can be combined as a single CVE. * Infinite-loop is different. I'll break it into two patches, one for OOB access and one to avoid an infinite loop case. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D