On Thu, 9 Nov 2017 17:47:01 +0100 Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > On Fri, Nov 10, 2017 at 01:25:50AM +0900, Masakazu Mokuno wrote: > > > > As most of BOS descriptors are longer in length than their header > > 'struct usb_dev_cap_header', comparing solely with it is not sufficient > > to avoid out-of-bounds access to BOS descriptors. > > > > This patch adds descriptor type specific length check in > > usb_get_bos_descriptor() to fix the issue. > > > > Signed-off-by: Masakazu Mokuno <masakazu.mokuno@xxxxxxxxx> > > So is the current code "broken" somehow, and this patch should be > backported to the stable kernels? Though I haven't checked stable kernels, I guess they have similar issue. -- Masakazu Mokuno -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
