On Wed, 13 Dec 2017, Greg KH wrote:
> > > --- usb-4.x.orig/drivers/usb/core/config.c
> > > +++ usb-4.x/drivers/usb/core/config.c
> > > @@ -555,6 +555,9 @@ static int usb_parse_configuration(struc
> > > unsigned iad_num = 0;
> > >
> > > memcpy(>desc, buffer, USB_DT_CONFIG_SIZE);
> > > +
On Tue, Dec 12, 2017 at 02:25:13PM -0500, Alan Stern wrote:
> A malicious USB device with crafted descriptors can cause the kernel
> to access unallocated memory by setting the bNumInterfaces value too
> high in a configuration descriptor. Although the value is adjusted
> during parsing, this
On Wed, Dec 13, 2017 at 09:27:42AM +0800, Peter Chen wrote:
> On Tue, Dec 12, 2017 at 02:25:13PM -0500, Alan Stern wrote:
> > A malicious USB device with crafted descriptors can cause the kernel
> > to access unallocated memory by setting the bNumInterfaces value too
> > high in a configuration
On Tue, Dec 12, 2017 at 02:25:13PM -0500, Alan Stern wrote:
> A malicious USB device with crafted descriptors can cause the kernel
> to access unallocated memory by setting the bNumInterfaces value too
> high in a configuration descriptor. Although the value is adjusted
> during parsing, this
A malicious USB device with crafted descriptors can cause the kernel
to access unallocated memory by setting the bNumInterfaces value too
high in a configuration descriptor. Although the value is adjusted
during parsing, this adjustment is skipped in one of the error return
paths.
This patch