This is a note to let you know that I've just added the patch titled usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: usbip-vhci_hcd-fix-shift-out-of-bounds-in-vhci_hub_control.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 1cc5ed25bdade86de2650a82b2730108a76de20c Mon Sep 17 00:00:00 2001 From: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> Date: Wed, 24 Mar 2021 17:06:54 -0600 Subject: usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() From: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> commit 1cc5ed25bdade86de2650a82b2730108a76de20c upstream. Fix shift out-of-bounds in vhci_hub_control() SetPortFeature handling. UBSAN: shift-out-of-bounds in drivers/usb/usbip/vhci_hcd.c:605:42 shift exponent 768 is too large for 32-bit type 'int' Reported-by: syzbot+3dea30b047f41084de66@xxxxxxxxxxxxxxxxxxxxxxxxx Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> Link: https://lore.kernel.org/r/20210324230654.34798-1-skhan@xxxxxxxxxxxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/usb/usbip/vhci_hcd.c | 2 ++ 1 file changed, 2 insertions(+) --- a/drivers/usb/usbip/vhci_hcd.c +++ b/drivers/usb/usbip/vhci_hcd.c @@ -608,6 +608,8 @@ static int vhci_hub_control(struct usb_h pr_err("invalid port number %d\n", wIndex); goto error; } + if (wValue >= 32) + goto error; if (hcd->speed == HCD_USB3) { if ((vhci_hcd->port_status[rhport] & USB_SS_PORT_STAT_POWER) != 0) { Patches currently in stable-queue which might be from skhan@xxxxxxxxxxxxxxxxxxx are queue-4.14/usbip-vhci_hcd-fix-shift-out-of-bounds-in-vhci_hub_control.patch