On Sun, Jun 05, 2016 at 09:53:42PM +0000, Holger Hoffstätte wrote:
> On Sun, 05 Jun 2016 14:41:36 -0700, Greg Kroah-Hartman wrote:
>
> > 4.4-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Oliver Neukum <oneukum@xxxxxxxx>
> >
> > commit 588afcc1c0e45358159090d95bf7b246fb67565f upstream.
> >
> > This fixes the crash reported in:
> > http://seclists.org/bugtraq/2015/Oct/35
> > The interface number needs a sanity check.
> >
> > Signed-off-by: Oliver Neukum <oneukum@xxxxxxxx>
> > Cc: Vladis Dronov <vdronov@xxxxxxxxxx>
> > Signed-off-by: Hans Verkuil <hans.verkuil@xxxxxxxxx>
> > Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxx>
> > Cc: Moritz Muehlenhoff <moritz@xxxxxxxxxxxxx>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> >
> > --- > > drivers/media/usb/usbvision/usbvision-video.c | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > --- a/drivers/media/usb/usbvision/usbvision-video.c > > +++ b/drivers/media/usb/usbvision/usbvision-video.c 
> > @@ -1461,6 +1461,13 @@ static int usbvision_probe(struct usb_in > > printk(KERN_INFO "%s: %s found\n", __func__, > > usbvision_device_data[model].model_string); > > > > + /* > > + * this is a security check. > > + * an exploit using an incorrect bInterfaceNumber is known > > + */ > > + if (ifnum >= USB_MAXINTERFACES || !dev->actconfig->interface[ifnum]) > > + return -ENODEV; > > + > > if (usbvision_device_data[model].interface >= 0) > > interface = &dev->actconfig->interface[usbvision_device_data[model].interface]->altsetting[0]; > > else if (ifnum < dev->actconfig->desc.bNumInterfaces)
>
> Not sure if it matters, but heads up anyway that for some reason this
> patch is a duplicate and was previously applied quite some time ago:
>
> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.4.y&id=588afcc1c0e45358159090d95bf7b246fb67565f

Yes, thanks, sorry for the confusion, Debian seems confused as well as
this is in their kernel tree too... now dropped, thanks.

greg k-h
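
Review bot: the new check in usbvision_probe() covers only ifnum, but the first branch directly below it indexes dev->actconfig->interface[] with usbvision_device_data[model].interface, which this hunk neither bounds nor tests for NULL before the ->altsetting[0] dereference. Suggest applying the same test to that index before it is used. The check also bounds ifnum by USB_MAXINTERFACES while the unchanged else-if compares it against desc.bNumInterfaces; a short comment on why the two limits differ would help the next reader. If the probe acquires anything above this point (not visible in the hunk), the bare return -ENODEV needs to release it first. The comment "an exploit using an incorrect bInterfaceNumber is known" would be more useful if it carried the bugtraq reference the commit message already gives.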