RAVENPLAT 2390:OSS vulnerability found in [boot.img]:[linux_kernel] (CVE-2018-20169) Risk:[] [1/1]
PD#OTT-5679
[Problem]
[Solution]
USB: check usb_get_extra_descriptor for proper size
When reading an extra descriptor, we need to properly check the minimum
and maximum size allowed, to prevent from invalid data being sent by a
device.
Change-Id: Ie3dbdb24bebc0f2813b0bedd2261f8246ddd71d3
Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Co-developed-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Hui Peng <benquike@gmail.com>
Signed-off-by: Mathias Payer <mathias.payer@nebelwelt.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
projects / platform / kernel / linux-amlogic.git / commit