linux/drivers
Johan Hovold 9f7e157464 USB: ldusb: fix read info leaks
commit 7a6f22d747 upstream.

Fix broken read implementation, which could be used to trigger slab info
leaks.

The driver failed to check if the custom ring buffer was still empty
when waking up after having waited for more data. This would happen on
every interrupt-in completion, even if no data had been added to the
ring buffer (e.g. on disconnect events).

Due to missing sanity checks and uninitialised (kmalloced) ring-buffer
entries, this meant that huge slab info leaks could easily be triggered.

Note that the empty-buffer check after wakeup is enough to fix the info
leak on disconnect, but let's clear the buffer on allocation and add a
sanity check to read() to prevent further leaks.

Fixes: 2824bd250f ("[PATCH] USB: add ldusb driver")
Cc: stable <stable@vger.kernel.org>     # 2.6.13
Reported-by: syzbot+6fe95b826644f7f12b0b@syzkaller.appspotmail.com
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191018151955.25135-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-10-29 09:19:47 +01:00
accessibility
acpi ACPI/PPTT: Add support for ACPI 6.3 thread flag 2019-10-17 13:45:34 -07:00
amba
android binder: fix possible UAF when freeing buffer 2019-08-04 09:30:53 +02:00
ata libata/ahci: Fix PCS quirk application 2019-10-29 09:19:36 +01:00
atm Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105 2019-09-21 07:16:57 +02:00
auxdisplay auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach 2019-09-06 10:21:56 +02:00
base soundwire: fix regmap dependencies and align with other serial links 2019-10-07 18:57:27 +02:00
bcma
block nbd: fix crash when the blksize is zero 2019-10-11 18:21:26 +02:00
bluetooth Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices 2019-10-01 08:26:12 +02:00
bus bus: ti-sysc: Simplify cleanup upon failures in sysc_probe() 2019-09-21 07:16:51 +02:00
cdrom
char ipmi_si: Only schedule continuously in the thread in maintenance mode 2019-10-07 18:56:39 +02:00
clk clk: sprd: add missing kfree 2019-10-07 18:57:03 +02:00
clocksource clocksource/drivers/exynos_mct: Increase priority over ARM arch timer 2019-07-26 09:14:12 +02:00
connector
cpufreq cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() 2019-08-16 10:12:46 +02:00
cpuidle
crypto crypto: ccree - use the full crypt length value 2019-10-11 18:20:55 +02:00
dax mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses 2019-05-22 07:37:40 +02:00
dca
devfreq PM / devfreq: tegra: Fix kHz to Hz conversion 2019-10-11 18:20:46 +02:00
dio
dma dmaengine: ti: edma: Do not reset reserved paRAM slots 2019-10-05 13:09:54 +02:00
dma-buf dma-buf/sw_sync: Synchronize signal vs syncpt free 2019-10-07 18:57:04 +02:00
edac EDAC/amd64: Decode syndrome before translating address 2019-10-05 13:09:48 +02:00
eisa
extcon extcon: arizona: Disable mic detect if running when driver is removed 2019-05-31 06:46:23 -07:00
firewire
firmware firmware: google: increment VPD key_len properly 2019-10-17 13:45:20 -07:00
fmc
fpga fpga: altera-ps-spi: Fix getting of optional confd gpio 2019-09-21 07:16:53 +02:00
fsi fsi: scom: Don't abort operations for minor errors 2019-09-06 10:22:19 +02:00
gnss
gpio gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source 2019-10-17 13:45:21 -07:00
gpu Revert "drm/radeon: Fix EEH during kexec" 2019-10-29 09:19:37 +01:00
hid HID: apple: Fix stuck function keys when using FN 2019-10-07 18:57:12 +02:00
hsi
hv Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up 2019-09-16 08:21:54 +02:00
hwmon hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' 2019-10-05 13:09:54 +02:00
hwspinlock
hwtracing coresight: etm4x: Use explicit barriers on enable/disable 2019-10-11 18:21:39 +02:00
i2c i2c-cht-wc: Fix lockdep warning 2019-10-07 18:57:08 +02:00
ide
idle
iio iio: adc: stm32-adc: fix a race when using several adcs with dma and irq 2019-10-17 13:45:23 -07:00
infiniband IB/hfi1: Define variables as unsigned long to fix KASAN warning 2019-10-05 13:10:02 +02:00
input Input: elan_i2c - remove Lenovo Legion Y7000 PnpID 2019-09-21 07:16:41 +02:00
iommu iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems 2019-10-05 13:09:59 +02:00
ipack
irqchip irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices 2019-10-01 08:26:08 +02:00
isdn mISDN: enforce CAP_NET_RAW for raw sockets 2019-10-05 13:09:31 +02:00
leds led: triggers: Fix a memory leak bug 2019-10-05 13:09:45 +02:00
lightnvm lightnvm: pblk: fix freeing of merged pages 2019-07-26 09:14:09 +02:00
macintosh
mailbox mbox: qcom: add APCS child device for QCS404 2019-10-07 18:57:02 +02:00
mcb
md md/raid0: fix warning message for parameter default_layout 2019-10-29 09:19:37 +01:00
media media: stkwebcam: fix runtime PM after driver unbind 2019-10-17 13:45:36 -07:00
memory memory: tegra: Fix integer overflow on tick value calculation 2019-05-25 18:23:32 +02:00
memstick memstick: Fix error cleanup path of memstick_init 2019-07-31 07:26:59 +02:00
message
mfd mfd: intel-lpss: Remove D3cold delay 2019-10-07 18:57:08 +02:00
misc mei: avoid FW version request on Ibex Peak and earlier 2019-10-17 13:45:10 -07:00
mmc mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence 2019-10-11 18:21:05 +02:00
mtd mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword() 2019-10-01 08:26:02 +02:00
mux
net net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow 2019-10-29 09:19:42 +01:00
nfc st_nci_hci_connectivity_event_received: null check the allocation 2019-08-29 08:28:31 +02:00
ntb ntb: point to right memory window index 2019-10-11 18:21:18 +02:00
nubus
nvdimm libnvdimm/region: Initialize bad block for volatile namespaces 2019-10-11 18:21:20 +02:00
nvme nvme-pci: Fix a race in controller removal 2019-10-29 09:19:29 +01:00
nvmem nvmem: Use the same permissions for eeprom as for nvmem 2019-09-19 09:09:41 +02:00
of of: overlay: set node fields from properties when add new overlay node 2019-06-09 09:17:24 +02:00
opp
oprofile
parisc parisc: Disable HP HSC-PCI Cards to prevent kernel crash 2019-10-05 13:10:04 +02:00
parport parport: Fix mem leak in parport_register_dev_model 2019-06-25 11:35:55 +08:00
pci PCI: vmd: Fix config addressing when using bus offsets 2019-10-17 13:45:44 -07:00
pcmcia
perf drivers/perf: arm_pmu: Fix failure path in PM notifier 2019-08-06 19:06:55 +02:00
phy phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current 2019-09-21 07:16:42 +02:00
pinctrl pinctrl: meson-gxbb: Fix wrong pinning definition for uart_c 2019-10-07 18:57:00 +02:00
platform platform/x86: intel_pmc_core: Do not ioremap RAM 2019-10-05 13:09:55 +02:00
pnp
power power: supply: sbs-battery: only return health when battery present 2019-10-11 18:20:56 +02:00
powercap
pps drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl 2019-08-04 09:30:56 +02:00
ps3
ptp
pwm pwm: stm32-lp: Add check in case requested period cannot be achieved 2019-10-11 18:21:17 +02:00
rapidio drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings 2019-08-06 19:06:52 +02:00
ras RAS/CEC: Fix pfn insertion 2019-07-26 09:14:05 +02:00
regulator regulator: Defer init completion for a while after late_initcall 2019-10-05 13:10:07 +02:00
remoteproc remoteproc: qcom: q6v5-mss: add SCM probe dependency 2019-09-16 08:21:48 +02:00
reset
rpmsg
rtc rtc: pcf85363/pcf85263: fix regmap error in set_time 2019-10-07 18:57:12 +02:00
s390 s390/cio: avoid calling strlen on null pointer 2019-10-11 18:21:08 +02:00
sbus
scsi scsi: qla2xxx: Fix unbound sleep in fcport delete path. 2019-10-29 09:19:30 +01:00
sfi
sh
siox
slimbus slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register 2019-05-31 06:46:14 -07:00
sn
soc soc: bcm: brcmstb: biuctrl: Register writes require a barrier 2019-07-14 08:11:03 +02:00
soundwire soundwire: fix regmap dependencies and align with other serial links 2019-10-07 18:57:27 +02:00
spi spi: spi-gpio: fix SPI_CS_HIGH capability 2019-09-16 08:22:07 +02:00
spmi
ssb ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit 2019-05-31 06:46:04 -07:00
staging staging: vt6655: Fix memory leak in vt6655_probe 2019-10-17 13:45:11 -07:00
target scsi: target/iblock: Fix overrun in WRITE SAME emulation 2019-09-16 08:22:17 +02:00
tc
tee
thermal thermal_hwmon: Sanitize thermal_zone type 2019-10-11 18:21:19 +02:00
thunderbolt thunderbolt: property: Fix a NULL pointer dereference 2019-05-31 06:46:31 -07:00
tty serial: uartlite: fix exit path null pointer 2019-10-17 13:45:00 -07:00
uio
usb USB: ldusb: fix read info leaks 2019-10-29 09:19:47 +01:00
uwb
vfio vfio_pci: Restore original state on release 2019-10-07 18:56:53 +02:00
vhost vhost: make sure log_num < in_num 2019-09-16 08:22:25 +02:00
video video: ssd1307fb: Start page range at page_offset 2019-10-07 18:56:30 +02:00
virt drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl 2019-05-16 19:41:31 +02:00
virtio
visorbus
vlynq
vme
w1 w1: fix the resume command API 2019-05-31 06:46:14 -07:00
watchdog watchdog: aspeed: Add support for AST2600 2019-10-11 18:21:15 +02:00
xen xen/pci: reserve MCFG areas earlier 2019-10-11 18:21:13 +02:00
zorro
Kconfig
Makefile