On Mon, Dec 10, 2018 at 01:50:20PM +0100, Sebastian Andrzej Siewior wrote: > On 2018-12-10 09:04:43 [+0100], Greg KH wrote: > > From: Hui Peng <[email protected]> > > > > The function hso_probe reads if_num from the USB device (as an u8) and uses > > it without a length check to index an array, resulting in an OOB memory read > > in hso_probe or hso_get_config_data. Added a length check for both locations > > and updated hso_probe to bail on error. > > The function hso_probe reads if_num from the USB device (as an u8) and uses > it without a length check to index an array, resulting in an OOB memory read > in hso_probe or hso_get_config_data. > > Add a length check for both locations and update hso_probe to bail on > error. > > > This issue has been assigned CVE-2018-19985. > > > > Reported-by: Hui Peng <[email protected]> > > Reported-by: Mathias Payer <[email protected]> > > Signed-off-by: Hui Peng <[email protected]> > > Signed-off-by: Mathias Payer <[email protected]> > > Signed-off-by: Greg Kroah-Hartman <[email protected]> > > Reviewed-by: Sebastian Andrzej Siewior <[email protected]>
Thanks, will update the changelog and add resend. greg k-h
