| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Mar 2016 09:15:48 -0700 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Josh Boyer <jwboyer@...oraproject.org> Cc: Dmitry Torokhov <dmitry.torokhov@...il.com>, linux-input@...r.kernel.org, linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org, stable <stable@...r.kernel.org> Subject: Re: [PATCH] USB: input: powermate: fix oops with malicious USB descriptors On Mon, Mar 14, 2016 at 10:12:53AM -0400, Josh Boyer wrote: > The powermate driver expects at least one valid USB endpoint in its > probe function. If given malicious descriptors that specify 0 for > the number of endpoints, it will crash. Validate the number of > endpoints on the interface before using them. > > The full report for this issue can be found here: > http://seclists.org/bugtraq/2016/Mar/85 > > Reported-by: Ralf Spenneberg <ralf@...nneberg.net> > Cc: stable <stable@...r.kernel.org> > Signed-off-by: Josh Boyer <jwboyer@...oraproject.org> > --- > drivers/input/misc/powermate.c | 3 +++ > 1 file changed, 3 insertions(+) I'll queue these up after 4.6-rc1 is out as the merge window is closed right now, but we might want to think about a better way to handle this type of thing in the USB core. A way to keep from having to add checks like this for every single driver, when the driver shouldn't even really have their probe function called unless their expected endpoints are going to be there. I'll think about that over the next few weeks... thanks, greg k-h
Powered by blists - more mailing lists