Seth/kernel_amazon_mt8127-common
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cb32438b77c3cf330c9e830b45a2ceddc6d0eb14
kernel_amazon_mt8127-common/drivers
T
History
Johan Hovold cb32438b77 USB: serial: io_ti: fix information leak in completion handler 
commit 654b404f2a222f918af9b0cd18ad469d0c941a8e upstream.

Add missing sanity check to the bulk-in completion handler to avoid an
integer underflow that can be triggered by a malicious device.

This avoids leaking 128 kB of memory content from after the URB transfer
buffer to user space.

Fixes: 8c209e6782 ("USB: make actual_length in struct urb field u32")
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2017-06-08 00:47:03 +02:00
..
accessibility
acpi
ACPI / APEI: Fix incorrect return value of ghes_proc()
2017-02-10 11:04:05 +01:00
amba
ata
scsi: fix race between simultaneous decrements of ->host_failed
2016-08-27 11:40:28 +02:00
atm
auxdisplay
auxdisplay: ks0108: fix refcount
2015-09-21 10:00:09 -07:00
base
driver core: fix race between creating/querying glue dir and its cleanup
2017-02-10 11:03:30 +01:00
bcma
block
drbd: Fix kernel_sendmsg() usage - potential NULL deref
2017-02-10 11:03:59 +01:00
bluetooth
Bluetooth: vhci: purge unhandled skbs
2016-06-07 10:42:55 +02:00
bus
bus: mvebu: pass the coherency availability information at init time
2015-07-03 19:48:09 -07:00
cdrom
char
hwrng: omap - Only fail if pm_runtime_get_sync returns < 0
2017-02-10 11:03:33 +01:00
clk
clk: clk-wm831x: fix a logic error
2017-06-08 00:46:53 +02:00
clocksource
clocksource/drivers/vt8500: Increase the minimum delta
2016-03-03 15:06:20 -08:00
connector
connector: bump skb->users before callback invocation
2016-01-28 21:49:33 -08:00
cpufreq
cpuidle
cpuidle / menu: Return (-1) if there are no suitable states
2015-08-03 09:29:41 -07:00
crypto
crypto: caam - fix non-hmac hashes
2017-06-08 00:46:57 +02:00
dca
devfreq
PM / devfreq: Fix incorrect type issue.
2017-02-06 09:04:07 +01:00
dio
dma
dmaengine: mv_xor: bug fix for racing condition in descriptors cleanup
2015-08-03 09:29:46 -07:00
edac
EDAC: Increment correct counter in edac_inc_ue_error()
2017-02-10 11:03:36 +01:00
eisa
extcon
firewire
firewire: net: fix fragmented datagram_size off-by-one
2017-02-10 11:03:51 +01:00
firmware
efi: Fix out-of-bounds read in variable_matches()
2016-06-07 10:42:51 +02:00
gpio
gpio: mpc8xxx: Correct irq handler function
2017-02-10 11:04:03 +01:00
gpu
drm/nv50/disp: min/max are reversed in nv50_crtc_gamma_set()
2017-06-08 00:47:00 +02:00
hid
HID: hid-input: Add parentheses to quell gcc warning
2016-08-27 11:40:40 +02:00
hsi
hv
hv: do not lose pending heartbeat vmbus packets
2017-02-10 11:04:04 +01:00
hwmon
hwmon: (ds620) Fix overflows seen when writing temperature limits
2017-06-08 00:46:53 +02:00
hwspinlock
i2c
i2c: at91: fix write transfers by clearing pending interrupt first
2017-02-10 11:03:34 +01:00
ide
idle
iio
iio: accel: kxsd9: Fix scaling bug
2017-02-10 11:03:35 +01:00
infiniband
IB/ipoib: Fix deadlock between rmmod and set_mode
2017-06-08 00:47:02 +02:00
input
Input: i8042 - add Pegatron touchpad to noloop table
2017-06-08 00:46:54 +02:00
iommu
iommu/amd: Fix the left value check of cmd buffer
2017-06-08 00:46:53 +02:00
ipack
irqchip
isdn
ser_gigaset: return -ENOMEM on error instead of success
2017-06-08 00:46:53 +02:00
leds
lguest
lguest: fix out-by-one error in address checking.
2015-06-05 23:19:54 -07:00
macintosh
windfarm: decrement client count when unregistering
2015-10-22 14:37:49 -07:00
mailbox
md
dm: flush queued bios when process blocks to avoid deadlock
2017-06-08 00:47:02 +02:00
media
uvcvideo: Fix a wrong macro
2017-06-08 00:47:01 +02:00
memory
memstick
memstick: mspro_block: add missing curly braces
2015-05-06 21:56:28 +02:00
message
mfd
mfd: pm8921: Potential NULL dereference in pm8921_remove()
2017-06-08 00:47:00 +02:00
misc
mei: bus: fix received data size check in NFC fixup
2017-02-10 11:04:04 +01:00
mmc
mmc: mxs-mmc: Fix additional cycles after transmission stop
2017-06-08 00:46:56 +02:00
mtd
mtd: nand: xway: disable module support
2017-06-08 00:46:56 +02:00
net
ath9k: use correct OTP register offsets for the AR9340 and AR9550
2017-06-08 00:47:01 +02:00
nfc
ntb
nubus
of
of/address: Don't loop forever in of_find_matching_node_by_address().
2015-09-21 10:00:09 -07:00
oprofile
parisc
parisc iommu: fix panic due to trying to allocate too large region
2016-01-28 21:49:36 -08:00
parport
drivers: parport: Kconfig: exclude arm64 for PARPORT_PC
2015-05-06 21:56:26 +02:00
pci
powerpc/pci/rpadlpar: Fix device reference leaks
2017-06-08 00:46:53 +02:00
pcmcia
Disable write buffering on Toshiba ToPIC95
2015-08-03 09:29:41 -07:00
pinctrl
pinctrl: mvebu: armada-xp: fix functions of MPP48
2015-08-03 09:29:42 -07:00
platform
goldfish: Sanitize the broken interrupt handler
2017-06-08 00:47:00 +02:00
pnp
asmlinkage, pnp: Make variables used from assembler code visible
2016-06-07 10:42:53 +02:00
power
wm831x_power: Use IRQF_ONESHOT to request threaded IRQs
2016-03-03 15:06:20 -08:00
pps
ps3
ptp
pwm
rapidio
regulator
regulator: tps65910: Work around silicon erratum SWCZ010
2017-02-10 11:04:08 +01:00
remoteproc
remoteproc: avoid stack overflow in debugfs file
2016-02-19 14:22:37 -08:00
reset
rpmsg
rtc
rtc: vr41xx: Wire up alarm_irq_enable
2016-06-07 10:42:51 +02:00
s390
s390/qdio: clear DSCI prior to scanning multiple input queues
2017-06-08 00:47:02 +02:00
sbus
scsi
scsi: aacraid: Reorder Adapter status check
2017-06-08 00:47:01 +02:00
sfi
sh
sn
spi
spi: spi-xilinx: cleanup a check in xilinx_spi_txrx_bufs()
2016-08-27 11:40:41 +02:00
ssb
ssbi
staging
staging: iio: ad7606: fix improper setting of oversampling pins
2017-06-08 00:46:52 +02:00
target
target/iscsi: Fix double free in lio_target_tiqn_addtpg()
2017-06-08 00:46:53 +02:00
tc
thermal
thermal: hwmon: Properly report critical temperature in sysfs
2017-02-10 11:03:35 +01:00
tty
vt: clear selection before resizing
2017-02-10 11:03:41 +01:00
uio
uio: fix dmem_region_start computation
2017-02-10 11:04:03 +01:00
usb
USB: serial: io_ti: fix information leak in completion handler
2017-06-08 00:47:03 +02:00
uwb
vfio
vhost
vhost/scsi: potential memory corruption
2015-10-01 12:07:34 +02:00
video
fbdev: color map copying bounds checking
2017-06-08 00:46:47 +02:00
virt
virtio
balloon: check the number of available pages in leak balloon
2016-08-27 11:40:37 +02:00
vlynq
vme
w1
watchdog
watchdog: rc32434_wdt: fix ioctl error handling
2016-06-07 10:42:46 +02:00
xen
xen-pciback: Add name prefix to global 'permissive' variable
2017-02-06 23:32:50 +01:00
zorro
Kconfig
Makefile