Hayes Wang <hayeswang@xxxxxxxxxxx> : > Francois Romieu [mailto:romieu@xxxxxxxxxxxxx] > > Sent: Friday, November 11, 2016 8:13 PM > [...] > > Invalid packet size corrupted receive descriptors in Realtek's device > > reminds of CVE-2009-4537. > > Do you mean that the driver would get a packet exceed the size > which is set to RxMaxSize ? If it was possible to get it wrong once, it should be possible to get it wrong twice, especially if some part of the hardware design is recycled. I don't mean anything else. I won't speculate about some cache consistency issue or some badly aborted dma transaction to explain the memory corruption. -- Ueimor -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
