On Thu, Mar 29, 2018 at 06:36:42PM +0200, Greg Kroah-Hartman wrote: > On Thu, Mar 29, 2018 at 10:48:28AM -0500, Bin Liu wrote: > > From: Heinrich Schuchardt <xypron.glpk@xxxxxx> > > > > musb->endpoints[] has array size MUSB_C_NUM_EPS. > > We must check array bounds before accessing the array and not afterwards. > > > > Signed-off-by: Heinrich Schuchardt <xypron.glpk@xxxxxx> > > Signed-off-by: Bin Liu <b-liu@xxxxxx> > > --- > > drivers/usb/musb/musb_gadget_ep0.c | 14 +++++++++----- > > 1 file changed, 9 insertions(+), 5 deletions(-) > > Should this also go to the stable kernels? Your call. My understanding is this is just a potential, and the code looks wrong - checking the boundary after used it, but the ep index won't be able to over the boundary anyway. Though I don't have enough security knowledge to judge if the bug has an security hole... Regards, -Bin. -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
