DivestOS/Patches/Linux_CVEs/CVE-2016-3138/ANY/1.patch.dupe

40 lines
1.3 KiB
Plaintext
Raw Normal View History

2017-10-29 22:14:37 -04:00
From 801c5f937ef7edb23e411bc00d3695496b89dca2 Mon Sep 17 00:00:00 2001
From: Badhri Jagan Sridharan <Badhri@google.com>
Date: Tue, 30 Aug 2016 13:39:02 -0700
Subject: UPSTREAM: USB: cdc-acm: more sanity checking
commit 8835ba4a39cf53f705417b3b3a94eb067673f2c9 upstream.
An attack has become available which pretends to be a quirky
device circumventing normal sanity checks and crashes the kernel
by an insufficient number of interfaces. This patch adds a check
to the code path for quirky devices.
2017-10-29 22:14:37 -04:00
BUG: 28242610
Signed-off-by: Oliver Neukum <ONeukum@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-10-29 22:14:37 -04:00
Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
Change-Id: I9a5f7f3c704b65e866335054f470451fcfae9d1c
---
drivers/usb/class/cdc-acm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
2017-10-29 22:14:37 -04:00
index 9b1cbcf..f519d28 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
2017-10-29 22:14:37 -04:00
@@ -972,6 +972,9 @@ static int acm_probe(struct usb_interface *intf,
if (quirks == NO_UNION_NORMAL) {
data_interface = usb_ifnum_to_if(usb_dev, 1);
control_interface = usb_ifnum_to_if(usb_dev, 0);
+ /* we would crash */
+ if (!data_interface || !control_interface)
+ return -ENODEV;
goto skip_normal_probe;
}
--
cgit v1.1