diff options
author | dheerajpdsk <p.dheeraj.srujan.kumar@intel.com> | 2022-06-16 23:47:53 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-16 23:47:53 +0300 |
commit | e0c224c79550bf49928bfb75f629233b1ef07c7a (patch) | |
tree | dfe08b91193d44f4984117dbd3eef9866e097582 /meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-25258.patch | |
parent | 0945170f93cc0c101bf01739f41136c2f05af570 (diff) | |
parent | 1f4be67aa2cc61a3db46c577da5ccd88cc84fa16 (diff) | |
download | openbmc-e0c224c79550bf49928bfb75f629233b1ef07c7a.tar.xz |
Merge pull request #82 from Intel-BMC/update1-0.91-151
Update to internal 1-0.91-151
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-25258.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-25258.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-25258.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-25258.patch new file mode 100644 index 000000000..89f62c3fc --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-25258.patch @@ -0,0 +1,29 @@ +From 75e5b4849b81e19e9efe1654b30d7f3151c33c2c Mon Sep 17 00:00:00 2001 +From: Szymon Heidrich <szymon.heidrich@gmail.com> +Date: Mon, 24 Jan 2022 12:14:00 +0100 +Subject: [PATCH] USB: gadget: validate interface OS descriptor requests + +Stall the control endpoint in case provided index exceeds array size of +MAX_CONFIG_INTERFACES or when the retrieved function pointer is null. + +Signed-off-by: Szymon Heidrich <szymon.heidrich@gmail.com> +Cc: stable@kernel.org +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + drivers/usb/gadget/composite.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c +index 16f9e3423c9faa..9315313108c9d5 100644 +--- a/drivers/usb/gadget/composite.c ++++ b/drivers/usb/gadget/composite.c +@@ -1988,6 +1988,9 @@ composite_setup(struct usb_gadget *gadget, const struct usb_ctrlrequest *ctrl) + if (w_index != 0x5 || (w_value >> 8)) + break; + interface = w_value & 0xFF; ++ if (interface >= MAX_CONFIG_INTERFACES || ++ !os_desc_cfg->interface[interface]) ++ break; + buf[6] = w_index; + count = count_ext_prop(os_desc_cfg, + interface); |