On Thu, Nov 23, 2017 at 04:20:05PM +0100, Oliver Neukum wrote: > Parsing CDC headers a buffer overflow cannot just be prevented > by checking that the remainder of the buffer is longer than minimum > length. The size of the fields to be parsed must be figured in, too. > > In newer kernels this issue has been fixed at a central location with > > commit 2e1c42391ff2556387b3cb6308b24f6f65619feb > Author: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > Date: Thu Sep 21 16:58:48 2017 +0200 > > USB: core: harden cdc_parse_cdc_header > > on anything older the parsing had not been centralised, so a separate > fix for each driver is necessary. > > Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx> > --- > drivers/net/usb/cdc_ether.c | 9 ++++++++- > drivers/usb/class/cdc-acm.c | 2 +- > drivers/usb/class/cdc-wdm.c | 2 ++ > 3 files changed, 11 insertions(+), 2 deletions(-) What stable kernel(s) should this go to? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
