Am Montag, den 17.05.2021, 01:01 +0000 schrieb Hayes Wang: > Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> > > Sent: Friday, May 14, 2021 11:33 PM > > So if a peculiar emulated device created by syzbot is capable of > > crashing the driver, then somewhere there is a bug which needs to > > be > > fixed. It's true that fixing all these bugs might not protect > > against a > > malicious device which deliberately behaves in an apparently > > reasonable > > manner. But it does reduce the attack surface. > > Thanks for your response. > I will add some checks. Hi, the problem in this particular case is in static bool rtl_vendor_mode(struct usb_interface *intf) which accepts any config number. It needs to bail out if you find config #0 to be what the descriptors say, treating that as an unrecoverable error. Regards Oliver
