Hi Shuah, Thanks a lot for the quick fixes. Please, use this email address: vuln@xxxxxxxxxxx We have assigned the following CVEs to the issues: CVE-2017-16911 usbip: prevent vhci_hcd driver from leaking a socket pointer address CVE-2017-16912 usbip: fix stub_rx: get_pipe() to validate endpoint number CVE-2017-16913 usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input CVE-2017-16914 usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer Please, let me know if we should proceed with a coordinated disclosure. I'm not quite sure how many distros / downstreams actually use this functionality. Best Regards, Jakub -----Original Message----- From: Shuah Khan [mailto:shuahkh@xxxxxxxxxxxxxxx] Sent: Thursday, December 7, 2017 10:17 PM To: shuah@xxxxxxxxxx; valentina.manea.m@xxxxxxxxx; gregkh@xxxxxxxxxxxxxxxxxxx Cc: Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>; linux-usb@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; vuln@xxxxxxxxxxx Subject: [PATCH 0/4] USB over IP Secuurity fixes Jakub Jirasek from Secunia Research at Flexera reported security vulnerabilities in the USB over IP driver. This patch series all the 4 reported problems. Jakub, could you please suggest an email address I can use for the Reported-by tag? Shuah Khan (4): usbip: fix stub_rx: get_pipe() to validate endpoint number usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input usbip: prevent vhci_hcd driver from leaking a socket pointer address usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer drivers/usb/usbip/stub_rx.c | 51 +++++++++++++++++++++++++++++------- drivers/usb/usbip/stub_tx.c | 7 +++++ drivers/usb/usbip/usbip_common.h | 1 + drivers/usb/usbip/vhci_sysfs.c | 25 +++++++++++------- tools/usb/usbip/libsrc/vhci_driver.c | 8 +++--- 5 files changed, 69 insertions(+), 23 deletions(-) -- 2.14.1 -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
