[PATCH 08/11][CVE-2016-3138] USB: cdc-acm: more sanity checking
Luis Henriques
luis.henriques at canonical.com
Wed Apr 27 14:15:57 UTC 2016
From: Oliver Neukum <oneukum at suse.com>
commit 8835ba4a39cf53f705417b3b3a94eb067673f2c9 upstream.
An attack has become available which pretends to be a quirky
device circumventing normal sanity checks and crashes the kernel
by an insufficient number of interfaces. This patch adds a check
to the code path for quirky devices.
Signed-off-by: Oliver Neukum <ONeukum at suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
CVE-2016-3138
BugLink: https://bugs.launchpad.net/bugs/1556880
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
drivers/usb/class/cdc-acm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index bbb217495917..3d96de0b278c 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -926,6 +926,9 @@ static int acm_probe(struct usb_interface *intf,
if (quirks == NO_UNION_NORMAL) {
data_interface = usb_ifnum_to_if(usb_dev, 1);
control_interface = usb_ifnum_to_if(usb_dev, 0);
+ /* we would crash */
+ if (!data_interface || !control_interface)
+ return -ENODEV;
goto skip_normal_probe;
}
More information about the kernel-team
mailing list