Re: [PATCH 4.5 058/238] USB: iowarrior: fix oops with malicious USB descriptors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2016-04-10 at 11:33 -0700, Greg Kroah-Hartman wrote:

> 4.5-stable review patch.  If anyone has any objections, please let me know.
> 
> ------------------
> 
> From: Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx>
> 
> commit 4ec0ef3a82125efc36173062a50624550a900ae0 upstream.
> 
> The iowarrior driver expects at least one valid endpoint.  If given
> malicious descriptors that specify 0 for the number of endpoints,
> it will crash in the probe function.  Ensure there is at least
> one endpoint on the interface before using it.
[...]

Which means our imaginary attacker will move on to providing a single
endpoint of the wrong type.  You've fixed the driver to reject the PoC
descriptor without thinking about what the driver actually requires.

I don't see the point of applying this to stable; it doesn't provide
any meaningful security benefit.

Ben.

-- 
Ben Hutchings
This sentence contradicts itself - no actually it doesn't.

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]