| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181210125020.64nybfkrotjun7rw@linutronix.de>
Date: Mon, 10 Dec 2018 13:50:20 +0100
From: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
linux-usb@...r.kernel.org, Hui Peng <benquike@...il.com>,
Mathias Payer <mathias.payer@...elwelt.net>
Subject: Re: [PATCH v2] USB: hso: Fix OOB memory access in
hso_probe/hso_get_config_data
On 2018-12-10 09:04:43 [+0100], Greg KH wrote:
> From: Hui Peng <benquike@...il.com>
>
> The function hso_probe reads if_num from the USB device (as an u8) and uses
> it without a length check to index an array, resulting in an OOB memory read
> in hso_probe or hso_get_config_data. Added a length check for both locations
> and updated hso_probe to bail on error.
The function hso_probe reads if_num from the USB device (as an u8) and uses
it without a length check to index an array, resulting in an OOB memory read
in hso_probe or hso_get_config_data.
Add a length check for both locations and update hso_probe to bail on
error.
> This issue has been assigned CVE-2018-19985.
>
> Reported-by: Hui Peng <benquike@...il.com>
> Reported-by: Mathias Payer <mathias.payer@...elwelt.net>
> Signed-off-by: Hui Peng <benquike@...il.com>
> Signed-off-by: Mathias Payer <mathias.payer@...elwelt.net>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Reviewed-by: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Sebastian
Powered by blists - more mailing lists