On Thu, Jan 12, 2017 at 06:19:53PM +0100, Greg Kroah-Hartman wrote: > On Thu, Jan 12, 2017 at 02:56:08PM +0100, Johan Hovold wrote: > > Several USB serial drivers failed to detect short control transfers, > > something which could lead to uninitialised data leaking to user space > > or being treated as valid input. > > > > The two information-leak fixes are marked for stable, and so is the > > spcp8x5 modem-status fix. > > > > Included is also a clean up removing an unnecessary allocation from > > iuu_phoenix. > > > > These are all intended for inclusion in 4.11. > > Ugh, nice find, I never thought about short control messages leaking > info :( I took a look at the HID drivers and quickly found one driver suffering from similar issues. USB core looks fine, even if there are at least two places where insufficient error handling could lead to uninitialised data being parsed (get_hub_status() and hub_port_init()). Roughly 300 call sites to vet: git grep -A2 usb_control_msg | grep rcvctrlpipe > Reviewed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Thanks for the review. Johan -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
