An attack using the lack of sanity checking in probe is known. This patch checks for the existance of a second port. CVE-2016-3136 Signed-off-by: Oliver Neukum <ONeukum@xxxxxxxx> CC: stable@xxxxxxxxxxxxxxx --- drivers/usb/serial/mct_u232.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/serial/mct_u232.c b/drivers/usb/serial/mct_u232.c index fd707d6..d6a36b1 100644 --- a/drivers/usb/serial/mct_u232.c +++ b/drivers/usb/serial/mct_u232.c @@ -378,6 +378,10 @@ static int mct_u232_port_probe(struct usb_serial_port *port) { struct mct_u232_private *priv; + /* check first to simplify error handling */ + if (!port->serial->port[1]) + return -ENODEV; + priv = kzalloc(sizeof(*priv), GFP_KERNEL); if (!priv) return -ENOMEM; -- 2.1.4 -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html