]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e48df7a) | patch
usb: core: config: Prevent OOB read in SS endpoint companion parsing
authorXinyu Liu <katieeliu@tencent.com>
Mon, 30 Jun 2025 02:02:56 +0000 (10:02 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 20 Aug 2025 16:36:29 +0000 (18:36 +0200)
commit4fe6f472f0beef4281e6f03bc38a910a33be663f
treeed2040e6e17ae41b4d4feee706e4954914144d9ctree | snapshot
parente48df7a14758a614373fa15e0809cfc776e39b74commit | diff
usb: core: config: Prevent OOB read in SS endpoint companion parsing

commit cf16f408364efd8a68f39011a3b073c83a03612d upstream.

usb_parse_ss_endpoint_companion() checks descriptor type before length,
enabling a potentially odd read outside of the buffer size.

Fix this up by checking the size first before looking at any of the
fields in the descriptor.

Signed-off-by: Xinyu Liu <katieeliu@tencent.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/core/config.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git