On Thu, Apr 11, 2024 at 02:42:58PM +0200, Oliver Neukum wrote: > The parser we use to enumerate a new device has no hardening > against nonsensical descriptors at all. This is a bit optimistic > When it was written, we trusted hardware, all we had to do was get it working properly as all USB devices were supposed to have passed the USB-IF's validation before it got to us. Right now, we barely trust USB descriptors, if we wish to change this threat-model, that's great, but I think a lot of work is still to be done as you prove here. thanks, greg k-h
