[SRU][B][F][PATCH 0/4] CVE-2022-3903
Magali Lemes
magali.lemes.do.sacramento at canonical.com
Fri Mar 10 18:20:06 UTC 2023
[Impact]
An incorrect read request flaw was found in the Infrared Transceiver USB
driver in the Linux kernel. This issue occurs when a user attaches a
malicious USB device. A local user could use this flaw to starve the
resources, causing denial of service or potentially crashing the system.
[Backport]
The fix is done by replacing the usb_control_msg() calls with
usb_control_msg_send/recv() ones during the device initialization. The
functions usb_control_msg_send/recv() are first defined in commit 719b8f2850,
adjusted in commit ddd1198e3e, and need the definition of the
usb_pipe_type_check() function, introduced in commit fcc2cc1f35. Therefore, we
need to cherry-pick/backport 4 commits.
[Test]
Compiled.
[Regression potential]
We expect minimal regression, since there was no functional change.
Alan Stern (1):
media: mceusb: Use new usb_control_msg_*() routines
Greg Kroah-Hartman (2):
USB: move snd_usb_pipe_sanity_check into the USB core
USB: add usb_control_msg_send() and usb_control_msg_recv()
Oliver Neukum (1):
USB: correct API of usb_control_msg_send/recv
drivers/media/rc/mceusb.c | 35 ++++------
drivers/usb/core/message.c | 137 +++++++++++++++++++++++++++++++++++++
drivers/usb/core/urb.c | 31 ++++++---
include/linux/usb.h | 9 +++
4 files changed, 183 insertions(+), 29 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list