DivestOS/Patches/Linux_CVEs/CVE-2016-3138/ANY/0.patch

From 8835ba4a39cf53f705417b3b3a94eb067673f2c9 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum@suse.com>
Date: Tue, 15 Mar 2016 10:14:04 +0100
Subject: USB: cdc-acm: more sanity checking

An attack has become available which pretends to be a quirky
device circumventing normal sanity checks and crashes the kernel
by an insufficient number of interfaces. This patch adds a check
to the code path for quirky devices.

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
CC: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/usb/class/cdc-acm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 1d2c99a..83fd30b 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1179,6 +1179,9 @@ static int acm_probe(struct usb_interface *intf,
 	if (quirks == NO_UNION_NORMAL) {
 		data_interface = usb_ifnum_to_if(usb_dev, 1);
 		control_interface = usb_ifnum_to_if(usb_dev, 0);
+		/* we would crash */
+		if (!data_interface || !control_interface)
+			return -ENODEV;
 		goto skip_normal_probe;
 	}
 
-- 
cgit v1.1
Add patches for many Linux CVEs, and overhaul script paths 2017-10-29 01:48:53 -04:00			`From 8835ba4a39cf53f705417b3b3a94eb067673f2c9 Mon Sep 17 00:00:00 2001`
			`From: Oliver Neukum <oneukum@suse.com>`
			`Date: Tue, 15 Mar 2016 10:14:04 +0100`
			`Subject: USB: cdc-acm: more sanity checking`

			`An attack has become available which pretends to be a quirky`
			`device circumventing normal sanity checks and crashes the kernel`
			`by an insufficient number of interfaces. This patch adds a check`
			`to the code path for quirky devices.`

			`Signed-off-by: Oliver Neukum <ONeukum@suse.com>`
			`CC: stable@vger.kernel.org`
			`Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>`
			`---`
			`drivers/usb/class/cdc-acm.c \| 3 +++`
			`1 file changed, 3 insertions(+)`

			`diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c`
			`index 1d2c99a..83fd30b 100644`
			`--- a/drivers/usb/class/cdc-acm.c`
			`+++ b/drivers/usb/class/cdc-acm.c`
			`@@ -1179,6 +1179,9 @@ static int acm_probe(struct usb_interface *intf,`
			`if (quirks == NO_UNION_NORMAL) {`
			`data_interface = usb_ifnum_to_if(usb_dev, 1);`
			`control_interface = usb_ifnum_to_if(usb_dev, 0);`
			`+ /* we would crash */`
			`+ if (!data_interface \|\| !control_interface)`
			`+ return -ENODEV;`
			`goto skip_normal_probe;`
			`}`

			`--`
			`cgit v1.1`