On Tue, Sep 15, 2020 at 11:52:57PM +0530, P J P wrote: > From: Prasad J Pandit <p...@fedoraproject.org> > > Hello, > > * While servicing transfer descriptors(TD) in ohci_service[_iso]_td > routines, it may lead to out-of-bounds access and/or infinite loop > issues, as the OHCI controller driver may supply malicious values > to derive frame_number, start_addr, end_addr etc. variables. > > * This series breaks earlier single patch into two. > One for an out-of-bounds access issue and another to fix infinite > loop case. > -> https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05145.html
Added to usb patch queue. thanks, Gerd
