On 05.02.2025 00:48:15, Vincent Mailhol wrote: > The driver assumed that es58x_dev->udev->serial could never be NULL. > While this is true on commercially available devices, an attacker > could spoof the device identity providing a NULL USB serial number. > That would trigger a NULL pointer dereference. > > Add a check on es58x_dev->udev->serial before accessing it. > > Reported-by: yan kang <kangyan91@xxxxxxxxxxx> > Reported-by: yue sun <samsun1006219@xxxxxxxxx> > Closes: https://lore.kernel.org/linux-can/SY8P300MB0421E0013C0EBD2AA46BA709A1F42@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ > Fixes: 9f06631c3f1f ("can: etas_es58x: export product information through devlink_ops::info_get()") > Signed-off-by: Vincent Mailhol <mailhol.vincent@xxxxxxxxxx> Applied to linux-can. Thanks, Marc -- Pengutronix e.K. | Marc Kleine-Budde | Embedded Linux | https://www.pengutronix.de | Vertretung Nürnberg | Phone: +49-5121-206917-129 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |
Attachment:
signature.asc
Description: PGP signature
