shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-03-26 12:30:23 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
a6d4ce2e8b653ff7facde0d0051663fa4cf57b78
linux/drivers
History
Greg Kroah-Hartman a6d4ce2e8b USB: fix out-of-bounds in usb_set_configuration 
commit bd7a3fe770 upstream.

Andrey Konovalov reported a possible out-of-bounds problem for a USB interface
association descriptor.  He writes:
	It seems there's no proper size check of a USB_DT_INTERFACE_ASSOCIATION
	descriptor. It's only checked that the size is >= 2 in
	usb_parse_configuration(), so find_iad() might do out-of-bounds access
	to intf_assoc->bInterfaceCount.

And he's right, we don't check for crazy descriptors of this type very well, so
resolve this problem.  Yet another issue found by syzkaller...

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-10-12 11:51:17 +02:00
..
accessibility
acpi
ACPI: EC: Fix regression related to wrong ECDT initialization order
2017-08-30 10:21:56 +02:00
amba
android
ANDROID: binder: fix proc->tsk check.
2017-08-30 10:21:53 +02:00
ata
libata: transport: Remove circular dependency at free time
2017-10-08 10:26:11 +02:00
atm
atm: fix improper return value
2016-12-05 14:53:46 -05:00
auxdisplay
auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches
2017-03-30 09:41:27 +02:00
base
PM: core: Fix device_pm_check_callbacks()
2017-10-05 09:44:01 +02:00
bcma
bcma: use (get|put)_device when probing/removing device driver
2017-03-12 06:41:52 +01:00
block
skd: Submit requests to firmware before triggering the doorbell
2017-09-27 14:39:21 +02:00
bluetooth
Bluetooth: Add support of 13d3:3494 RTL8723BE device
2017-09-09 17:39:40 +02:00
bus
bus: vexpress-config: fix device reference leak
2017-01-19 20:18:07 +01:00
cdrom
char
ipmi/watchdog: fix watchdog timeout set on reboot
2017-08-06 18:59:43 -07:00
clk
clk/axs10x: Clear init field in driver probe
2017-10-08 10:26:04 +02:00
clocksource
clocksource/drivers/arm_arch_timer: Don't assume clock runs in suspend
2017-04-12 12:41:16 +02:00
connector
cpufreq
cpufreq: intel_pstate: Update pid_params.sample_rate_ns in pid_param_set()
2017-10-08 10:26:10 +02:00
cpuidle
Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
2016-10-15 09:26:12 -07:00
crypto
crypto: talitos - fix hashing
2017-10-05 09:44:00 +02:00
dax
device-dax: fix sysfs duplicate warnings
2017-08-06 18:59:43 -07:00
dca
devfreq
PM / devfreq: Fix memory leak when fail to register device
2017-09-27 14:39:24 +02:00
dio
dma
dmaengine: ti-dma-crossbar: Add some 'of_node_put()' in error path.
2017-08-06 18:59:46 -07:00
dma-buf
dma-buf: add support for compat ioctl
2017-04-18 07:11:50 +02:00
edac
Merge tag 'edac_for_4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp
2016-10-04 12:06:26 -07:00
eisa
extcon
extcon: axp288: Use vbus-valid instead of -present to determine cable presence
2017-10-08 10:26:03 +02:00
firewire
firewire: net: fix fragmented datagram_size off-by-one
2016-11-03 14:46:39 +01:00
firmware
efi/libstub: Skip GOP with PIXEL_BLT_ONLY format
2017-04-21 09:31:20 +02:00
fmc
fpga
gpio
gpiolib: skip unwanted events, don't convert them to opposite edge
2017-08-11 08:49:30 -07:00
gpu
drm: mali-dp: Fix transposed horizontal/vertical flip
2017-10-08 10:26:07 +02:00
hid
HID: wacom: release the resources before leaving despite devm
2017-10-08 10:26:07 +02:00
hsi
hv
Drivers: hv: vmbus: Don't leak memory when a channel is rescinded
2017-03-30 09:41:27 +02:00
hwmon
hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes
2017-10-08 10:26:04 +02:00
hwspinlock
hwtracing
intel_th: pci: Add Cannon Lake PCH-LP support
2017-09-09 17:39:39 +02:00
i2c
i2c: meson: fix wrong variable usage in meson_i2c_put_data
2017-10-08 10:26:11 +02:00
ide
idle
x86/intel_idle: Add CPU model 0x4a (Atom Z34xx series)
2017-04-12 12:41:17 +02:00
iio
iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications
2017-10-08 10:26:04 +02:00
infiniband
IB/qib: fix false-postive maybe-uninitialized warning
2017-10-08 10:26:11 +02:00
input
Input: i8042 - add Gigabyte P57 to the keyboard reset table
2017-09-27 14:39:19 +02:00
iommu
iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
2017-10-08 10:26:10 +02:00
ipack
ipack: print a hex number after a 0x prefix
2016-10-27 18:43:43 -07:00
irqchip
irqchip: mips-gic: SYNC after enabling GIC region
2017-09-07 08:35:39 +02:00
isdn
isdn/i4l: fix buffer overflow
2017-08-06 18:59:42 -07:00
leds
Revert "leds: handle suspend/resume in heartbeat trigger"
2017-08-30 10:21:51 +02:00
lguest
lightnvm
Merge branch 'for-4.9/block' of git://git.kernel.dk/linux-block
2016-10-07 14:42:05 -07:00
macintosh
powerpc: Remove all usages of NO_IRQ
2016-09-20 20:57:12 +10:00
mailbox
mailbox: handle empty message in tx_tick
2017-08-06 18:59:42 -07:00
mcb
MCB: add support for SC31 to mcb-lpc
2017-09-09 17:39:41 +02:00
md
md/raid10: submit bio directly to replacement disk
2017-10-08 10:26:11 +02:00
media
ttpci: address stringop overflow warning
2017-10-08 10:26:12 +02:00
memory
memory/atmel-ebi: Fix ns <-> cycles conversions
2017-03-15 10:02:45 +08:00
memstick
memstick: rtsx_usb_ms: Manage runtime PM when accessing the device
2016-10-17 15:43:05 +02:00
message
mfd
mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode
2017-06-24 07:11:14 +02:00
misc
lkdtm: Fix Oops when unloading the module
2017-10-08 10:26:07 +02:00
mmc
mmc: sdio: fix alignment issue in struct sdio_func
2017-10-08 10:26:08 +02:00
mtd
mtd: nand: qcom: fix config error for BCH
2017-09-13 14:13:36 -07:00
net
ibmvnic: Free tx/rx scrq pointer array when releasing sub-crqs
2017-10-08 10:26:10 +02:00
nfc
nfc: fdp: fix NULL pointer dereference
2017-08-06 18:59:42 -07:00
ntb
ntb: transport shouldn't disable link due to bogus values in SPADs
2017-08-30 10:21:55 +02:00
nubus
nvdimm
libnvdimm: fix badblock range handling of ARS range
2017-07-27 15:08:02 -07:00
nvme
nvme-rdma: handle cpu unplug when re-establishing the controller
2017-10-08 10:26:10 +02:00
nvmem
nvmem: imx-ocotp: Fix wrong register size
2017-08-06 18:59:48 -07:00
of
of: device: Export of_device_{get_modalias, uvent_modalias} to modules
2017-07-27 15:08:08 -07:00
oprofile
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2016-10-10 20:16:43 -07:00
parisc
parisc: pci memory bar assignment fails with 64bit kernels on dino/cujo
2017-08-24 17:12:18 -07:00
parport
parisc, parport_gsc: Fixes for printk continuation lines
2017-06-17 06:41:54 +02:00
pci
PCI: Fix race condition with driver_override
2017-10-05 09:44:03 +02:00
pcmcia
pcmcia: fix return value of soc_pcmcia_regulator_set
2016-11-11 08:45:08 -08:00
perf
perf: xgene: Remove bogus IS_ERR() check
2016-10-17 15:50:07 +01:00
phy
phy: qcom-usb-hs: Add depends on EXTCON
2017-05-14 14:00:19 +02:00
pinctrl
pinctrl/amd: save pin registers over suspend/resume
2017-09-27 14:39:19 +02:00
platform
platform/x86: ideapad-laptop: handle ACPI event 1
2017-07-05 14:40:23 +02:00
pnp
power
power: supply: axp288_fuel_gauge: Fix fuel_gauge_reg_readb return on error
2017-10-08 10:26:03 +02:00
powercap
powercap/intel_rapl: fix and tidy up error handling
2017-01-19 20:18:07 +01:00
pps
pps: kc: fix non-tickless system config dependency
2016-10-11 15:06:32 -07:00
ps3
powerpc: Remove all usages of NO_IRQ
2016-09-20 20:57:12 +10:00
ptp
drivers/ptp: Fix kernel memory disclosure
2016-10-13 10:20:06 -04:00
pwm
pwm: rockchip: State of PWM clock should synchronize with PWM enabled state
2017-04-21 09:31:22 +02:00
rapidio
drivers/rapidio/devices/tsi721.c: make module parameter variable name unique
2017-10-08 10:26:09 +02:00
ras
regulator
regulator: tps65086: Fix DT node referencing in of_parse_cb
2017-07-05 14:40:29 +02:00
remoteproc
remoteproc: qcom: mdt_loader: Don't overwrite firmware object
2017-03-12 06:41:50 +01:00
reset
reset: ti_syscon: fix a ti_syscon_reset_status issue
2017-10-08 10:26:03 +02:00
rpmsg
rpmsg: virtio_rpmsg_bus: fix channel creation
2017-01-26 08:24:44 +01:00
rtc
rtc: tegra: Implement clock handling
2017-04-21 09:31:24 +02:00
s390
scsi: zfcp: trace high part of "new" 64 bit SCSI LUN
2017-09-27 14:39:22 +02:00
sbus
scsi
scsi: be2iscsi: Add checks to validate CID alloc/free
2017-10-08 10:26:03 +02:00
sfi
sh
sn
soc
soc: ti: wkup_m3_ipc: Fix error return code in wkup_m3_ipc_probe()
2017-01-26 08:24:45 +01:00
spi
spi: pxa2xx: Add support for Intel Gemini Lake
2017-10-08 10:26:06 +02:00
spmi
spmi: Include OF based modalias in device uevent
2017-07-27 15:08:08 -07:00
ssb
ssb: Fix error routine when fallback SPROM fails
2017-01-09 08:32:16 +01:00
staging
staging/rts5208: fix incorrect shift to extract upper nybble
2017-09-09 17:39:37 +02:00
target
target: Fix node_acl demo-mode + uncached dynamic shutdown regression
2017-08-16 13:43:17 -07:00
tc
thermal
thermal: cpu_cooling: Avoid accessing potentially freed structures
2017-07-27 15:07:55 -07:00
thunderbolt
tty
serial: 8250_port: Remove dangerous pr_debug()
2017-10-08 10:26:05 +02:00
uio
usb
USB: fix out-of-bounds in usb_set_configuration
2017-10-12 11:51:17 +02:00
uwb
uwb: fix device quirk on big-endian hosts
2017-05-25 15:44:46 +02:00
vfio
vfio-pci: Handle error from pci_iomap
2017-08-06 18:59:48 -07:00
vhost
vhost_net: correctly check tx avail during rx busy polling
2017-09-20 08:19:56 +02:00
video
video: fbdev: aty: do not leak uninitialized padding in clk to userspace
2017-10-05 09:44:05 +02:00
virt
mm: replace get_user_pages() write/force parameters with gup_flags
2016-10-19 08:11:43 -07:00
virtio
virtio_balloon: init 1st buffer in stats vq
2017-03-31 10:31:45 +02:00
vlynq
vme
VME: restore bus_remove function causing incomplete module unload
2017-03-12 06:41:50 +01:00
w1
w1: ds2490: USB transfer buffers need to be DMAable
2017-03-12 06:41:48 +01:00
watchdog
watchdog: bcm281xx: Fix use of uninitialized spinlock.
2017-07-05 14:40:28 +02:00
xen
swiotlb-xen: implement xen_swiotlb_dma_mmap callback
2017-10-05 09:44:05 +02:00
zorro
Kconfig
Makefile
usb: Make sure usb/phy/of gets built-in
2017-05-20 14:28:35 +02:00