ACK: [SRU][B][F][PATCH 0/4] CVE-2022-3903
Tim Gardner
tim.gardner at canonical.com
Fri Mar 10 18:29:27 UTC 2023
On 3/10/23 11:20 AM, Magali Lemes wrote:
> [Impact]
> An incorrect read request flaw was found in the Infrared Transceiver USB
> driver in the Linux kernel. This issue occurs when a user attaches a
> malicious USB device. A local user could use this flaw to starve the
> resources, causing denial of service or potentially crashing the system.
>
> [Backport]
> The fix is done by replacing the usb_control_msg() calls with
> usb_control_msg_send/recv() ones during the device initialization. The
> functions usb_control_msg_send/recv() are first defined in commit 719b8f2850,
> adjusted in commit ddd1198e3e, and need the definition of the
> usb_pipe_type_check() function, introduced in commit fcc2cc1f35. Therefore, we
> need to cherry-pick/backport 4 commits.
>
> [Test]
> Compiled.
>
> [Regression potential]
> We expect minimal regression, since there was no functional change.
>
> Alan Stern (1):
> media: mceusb: Use new usb_control_msg_*() routines
>
> Greg Kroah-Hartman (2):
> USB: move snd_usb_pipe_sanity_check into the USB core
> USB: add usb_control_msg_send() and usb_control_msg_recv()
>
> Oliver Neukum (1):
> USB: correct API of usb_control_msg_send/recv
>
> drivers/media/rc/mceusb.c | 35 ++++------
> drivers/usb/core/message.c | 137 +++++++++++++++++++++++++++++++++++++
> drivers/usb/core/urb.c | 31 ++++++---
> include/linux/usb.h | 9 +++
> 4 files changed, 183 insertions(+), 29 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list