Message-ID: <87y0n1cw8g.wl-tiwai@suse.de>
Date: Wed, 17 Dec 2025 10:07:27 +0100
From: Takashi Iwai <tiwai@...e.de>
To: Shipei Qu <qu@...knavy.com>
Cc: Jaroslav Kysela <perex@...ex.cz>,
	Takashi Iwai <tiwai@...e.com>,
	alsa-devel@...a-project.org,
	linux-kernel@...r.kernel.org,
	vr@...knavy.com
Subject: Re: [PATCH v3] ALSA: usb-mixer: us16x08: validate meter packet indices

On Wed, 17 Dec 2025 03:46:30 +0100,
Shipei Qu wrote:
> 
> get_meter_levels_from_urb() parses the 64-byte meter packets sent by
> the device and fills the per-channel arrays meter_level[],
> comp_level[] and master_level[] in struct snd_us16x08_meter_store.
> 
> Currently the function derives the channel index directly from the
> meter packet (MUB2(meter_urb, s) - 1) and uses it to index those
> arrays without validating the range. If the packet contains a
> negative or out-of-range channel number, the driver may write past
> the end of these arrays.
> 
> Introduce a local channel variable and validate it before updating the
> arrays. We reject negative indices, limit meter_level[] and
> comp_level[] to SND_US16X08_MAX_CHANNELS, and guard master_level[]
> updates with ARRAY_SIZE(master_level).
> 
> Reported-by: DARKNAVY (@DarkNavyOrg) <vr@...knavy.com>
> Signed-off-by: Shipei Qu <qu@...knavy.com>

Applied now.  Thanks.


Takashi
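
The range check described in the quoted commit message, modelled in user-space C as an added example (not the patch itself and not the driver's code). The record layout, `store_level()`, `enum rec_kind` and the array sizes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_CHANNELS 16 /* stands in for SND_US16X08_MAX_CHANNELS; value assumed */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Simplified model of struct snd_us16x08_meter_store; sizes are assumptions. */
struct meter_store {
	int meter_level[MAX_CHANNELS];
	int comp_level[MAX_CHANNELS];
	int master_level[2];
};

enum rec_kind { REC_METER, REC_COMP, REC_MASTER }; /* hypothetical record types */

/* Constructed layout, not the device's real format: rec[0] = 1-based channel,
 * rec[1..2] = little-endian level. Returns 0 if stored, -1 if rejected. */
int store_level(struct meter_store *st, enum rec_kind kind, const uint8_t *rec)
{
	int channel = rec[0] - 1; /* a channel byte of 0 becomes -1 */
	int val = rec[1] | (rec[2] << 8);

	if (channel < 0)
		return -1;
	switch (kind) {
	case REC_METER:
		if (channel >= MAX_CHANNELS)
			return -1;
		st->meter_level[channel] = val;
		return 0;
	case REC_COMP:
		if (channel >= MAX_CHANNELS)
			return -1;
		st->comp_level[channel] = val;
		return 0;
	case REC_MASTER: /* smaller array, so it gets its own bound */
		if ((size_t)channel >= ARRAY_SIZE(st->master_level))
			return -1;
		st->master_level[channel] = val;
		return 0;
	}
	return -1;
}

int main(void)
{
	struct meter_store st = {0};
	const uint8_t bad[3] = {200, 0xff, 0x7f}; /* constructed: channel 200 */
	return store_level(&st, REC_MASTER, bad) == -1 ? 0 : 1;
}
```

A channel number that is valid for `meter_level[]` can still be out of range for `master_level[]`, which is why the bound is taken from the array being written rather than from one shared constant.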
