Message-ID: <87zf6cbpv8.wl-tiwai@suse.de>
Date: Sat, 17 Jan 2026 09:33:15 +0100
From: Takashi Iwai <tiwai@...e.de>
To: Samasth Norway Ananda <samasth.norway.ananda@...cle.com>
Cc: perex@...ex.cz,
	tiwai@...e.com,
	g@...vu,
	linux-sound@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH RESEND] ALSA: scarlett2: Fix buffer overflow in config retrieval

On Sat, 17 Jan 2026 02:27:06 +0100,
Samasth Norway Ananda wrote:
> 
> The scarlett2_usb_get_config() function has a logic error in the
> endianness conversion code that can cause buffer overflows when
> count > 1.
> 
> The code checks `if (size == 2)` where `size` is the total buffer size in
> bytes, then loops `count` times treating each element as u16 (2 bytes).
> This causes the loop to access `count * 2` bytes when the buffer only
> has `size` bytes allocated.
> 
> Fix by checking the element size (config_item->size) instead of the
> total buffer size. This ensures the endianness conversion matches the
> actual element type.
> 
> Fixes: ac34df733d2d ("ALSA: usb-audio: scarlett2: Update get_config to do endian conversion")
> Cc: stable@...r.kernel.org
> Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda@...cle.com>

Applied now.  Thanks.


Takashi
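
The size check described in the quoted commit message, as an added example that is not part of the original thread or the kernel source. It is a simplified userspace model (hypothetical function names, all sizes in bytes) that reports the out-of-bounds loop as -1 instead of performing it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the pattern in the commit message. Function names are
 * hypothetical and all sizes are in bytes; this is not the driver's code. */

/* Convert `count` little-endian u16 elements in place. Returns the bytes
 * touched, or -1 when the loop would run past the `size`-byte buffer. */
static long convert_u16(uint8_t *buf, size_t size, size_t count)
{
    if (count * 2 > size)
        return -1;                      /* loop needs count * 2 bytes */
    for (size_t i = 0; i < count; i++) {
        uint8_t *p = buf + 2 * i;
        uint16_t v = (uint16_t)(p[0] | (p[1] << 8));
        memcpy(p, &v, sizeof(v));       /* store in host byte order */
    }
    return (long)(count * 2);
}

/* Before: the gate tests the total buffer size. */
long get_config_before(uint8_t *buf, size_t elem_size, size_t count)
{
    size_t size = elem_size * count;
    return size == 2 ? convert_u16(buf, size, count) : 0;
}

/* After: the gate tests the element size. */
long get_config_after(uint8_t *buf, size_t elem_size, size_t count)
{
    size_t size = elem_size * count;
    return elem_size == 2 ? convert_u16(buf, size, count) : 0;
}

int main(void)
{
    uint8_t two_u8[2] = { 0x01, 0x02 };               /* constructed */
    uint8_t two_u16[4] = { 0x34, 0x12, 0x78, 0x56 };  /* constructed */

    printf("before, 2 x u8 : %ld\n", get_config_before(two_u8, 1, 2));
    printf("after,  2 x u8 : %ld\n", get_config_after(two_u8, 1, 2));
    printf("after,  2 x u16: %ld\n", get_config_after(two_u16, 2, 2));
    return 0;
}
```

In this model, two 1-byte elements give a total size of 2, so the "before" gate enters a u16 loop that needs 4 bytes; the "after" gate skips them and converts only buffers whose elements really are 2 bytes wide.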
