]> git.ipfire.org Git - thirdparty/linux.git/commit
projects / thirdparty / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4085f0d) | patch
USB: serial: omninet: fix memory corruption with small endpoint
authorJohan Hovold <johan@kernel.org>
Fri, 22 May 2026 14:20:58 +0000 (16:20 +0200)
committerJohan Hovold <johan@kernel.org>
Sat, 23 May 2026 07:07:30 +0000 (09:07 +0200)
commit60df93d30f9bdd27db17c4d80ed80ef718d7226b
treedc93818b51fddc79ba254bf186478102c43ce6d4tree | snapshot
parent4085f0dbb1ce2251c9a5938d693de6593f0ab2bdcommit | diff
USB: serial: omninet: fix memory corruption with small endpoint

Make sure that the bulk-out buffers are at least as large as the
hardcoded transfer size to avoid user-controlled slab corruption should
a malicious device report a smaller endpoint max packet size than
expected.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
drivers/usb/serial/omninet.c diff | blob | blame | history
A mirror of Linus' kernel repository