]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 492207c) | patch
usb: core: config: Prevent OOB read in SS endpoint companion parsing
authorXinyu Liu <katieeliu@tencent.com>
Mon, 30 Jun 2025 02:02:56 +0000 (10:02 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 28 Aug 2025 14:28:31 +0000 (16:28 +0200)
commit5badd56c711e2c8371d1670f9bd486697575423c
tree9deae76d57e7dc10ed23b2927a8ba3d0b8a7a961tree
parent492207cf8372f558f5ef31db3e737df9097fa99bcommit | diff
usb: core: config: Prevent OOB read in SS endpoint companion parsing

commit cf16f408364efd8a68f39011a3b073c83a03612d upstream.

usb_parse_ss_endpoint_companion() checks descriptor type before length,
enabling a potentially odd read outside of the buffer size.

Fix this up by checking the size first before looking at any of the
fields in the descriptor.

Signed-off-by: Xinyu Liu <katieeliu@tencent.com>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/usb/core/config.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git