Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 7bd66003404f7c145d8c5041c0ab324a22132792
commit7bd66003404f7c145d8c5041c0ab324a22132792[log] [tgz]
authorJames Forshaw <forshaw@google.com>Sat Aug 23 14:39:48 2014 -0700
committerchrmhoffmann <chrmhoffmann@gmail.com>Sun Apr 05 10:20:39 2020 +0200
tree12fd7fc36000bf0de8a30b5667772ba58617d429
parent244f329ca7da7ae201e61d99dbb73ba48795c0c5 [diff]
USB: whiteheat: Added bounds checking for bulk command response

commit 6817ae225cd650fb1c3295d769298c38b1eba818 upstream.

This patch fixes a potential security issue in the whiteheat USB driver
which might allow a local attacker to cause kernel memory corrpution. This
is due to an unchecked memcpy into a fixed size buffer (of 64 bytes). On
EHCI and XHCI busses it's possible to craft responses greater than 64
bytes leading a buffer overflow.

Signed-off-by: James Forshaw <forshaw@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[lizf: Backported to 3.4: adjust context]
Signed-off-by: Zefan Li <lizefan@huawei.com>
1 file changed
tree: 12fd7fc36000bf0de8a30b5667772ba58617d429
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS