On Mon, Sep 24, 2018 at 09:19:17AM +0200, Johan Hovold wrote:
> commit 5dfdd24eb3d39d815bc952ae98128e967c9bba49 upstream.
>
> Similarly to a recently reported bug in io_ti, a malicious USB device
> could set port_number to a negative value and we would underflow the
> port array in the interrupt completion handler.
>
> As these devices only have one or two ports, fix this by making sure we
> only consider the seventh bit when determining the port number (and
> ignore bits 0xb0 which are typically set to 0x30).
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable <stable@xxxxxxxxxxxxxxx>
> Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
> ---
> drivers/usb/serial/ti_usb_3410_5052.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks, now queued up.
greg k-h
