An attack using the lack of sanity checking in probe is known. This patch checks for the existance of a second port. CVE-2016-3136 Signed-off-by: Oliver Neukum <ONeukum@xxxxxxxx> CC: stable@xxxxxxxxxxxxxxx v1 - add sanity check for presence of a second port v2 - add sanity check for an interrupt endpoint --- drivers/usb/serial/mct_u232.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/serial/mct_u232.c b/drivers/usb/serial/mct_u232.c index 4446b8d..3e64538 100644 --- a/drivers/usb/serial/mct_u232.c +++ b/drivers/usb/serial/mct_u232.c @@ -378,6 +378,10 @@ static int mct_u232_port_probe(struct usb_serial_port *port) { struct mct_u232_private *priv; + /* check first to simplify error handling */ + if (!port->serial->port[1] || !port->serial->port[1]->interrupt_in_urb) + return -ENODEV; + priv = kzalloc(sizeof(*priv), GFP_KERNEL); if (!priv) return -ENOMEM; -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html