| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160608002645.GG8341@kroah.com> Date: Tue, 7 Jun 2016 17:26:45 -0700 From: Greg KH <greg@...ah.com> To: Holger Hoffstätte <holger@...lied-asynchrony.com> Cc: stable@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 4.4 63/99] [media] usbvision fix overflow of interfaces array On Sun, Jun 05, 2016 at 09:53:42PM +0000, Holger Hoffstätte wrote: > On Sun, 05 Jun 2016 14:41:36 -0700, Greg Kroah-Hartman wrote: > > > 4.4-stable review patch. If anyone has any objections, please let me know. > > > > ------------------ > > > > From: Oliver Neukum <oneukum@...e.com> > > > > commit 588afcc1c0e45358159090d95bf7b246fb67565f upstream. > > > > This fixes the crash reported in: > > http://seclists.org/bugtraq/2015/Oct/35 > > The interface number needs a sanity check. > > > > Signed-off-by: Oliver Neukum <oneukum@...e.com> > > Cc: Vladis Dronov <vdronov@...hat.com> > > Signed-off-by: Hans Verkuil <hans.verkuil@...co.com> > > Signed-off-by: Mauro Carvalho Chehab <mchehab@....samsung.com> > > Cc: Moritz Muehlenhoff <moritz@...imedia.org> > > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> > > > > --- > > drivers/media/usb/usbvision/usbvision-video.c | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > --- a/drivers/media/usb/usbvision/usbvision-video.c > > +++ b/drivers/media/usb/usbvision/usbvision-video.c > > @@ -1461,6 +1461,13 @@ static int usbvision_probe(struct usb_in > > printk(KERN_INFO "%s: %s found\n", __func__, > > usbvision_device_data[model].model_string); > > > > + /* > > + * this is a security check. > > + * an exploit using an incorrect bInterfaceNumber is known > > + */ > > + if (ifnum >= USB_MAXINTERFACES || !dev->actconfig->interface[ifnum]) > > + return -ENODEV; > > + > > if (usbvision_device_data[model].interface >= 0) > > interface = &dev->actconfig->interface[usbvision_device_data[model].interface]->altsetting[0]; > > else if (ifnum < dev->actconfig->desc.bNumInterfaces) > > Not sure if it matters, but heads up anyway that for some reason this > patch is a duplicate and was previously applied quite some time ago: > > https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.4.y&id=588afcc1c0e45358159090d95bf7b246fb67565f Yes, thanks, sorry for the confusion, Debian seems confused as well as this is in their kernel tree too... now dropped, thanks. greg k-h
Powered by blists - more mailing lists