raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-27 20:42:52 +00:00
Code Issues Projects Releases Wiki Activity
Files
da5d09f7f201f41eff88adccbfed13d930b6a2e6
linux/drivers/usb/misc
History
Jann Horn ce6037ad83 USB: yurex: fix out-of-bounds uaccess in read handler 
commit f1e255d60a upstream.

In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.

Fix it by using simple_read_from_buffer() instead of custom logic.

Fixes: 6bc235a2e2 ("USB: add driver for Meywa-Denki & Kayac YUREX")
Signed-off-by: Jann Horn <jannh@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-17 11:48:27 +02:00
..
sisusbvga
console: Expand dummy functions for CFI
2018-02-27 10:17:33 +01:00
adutux.c
USB: adutux: Add waiting in transfer abortion
2018-03-09 09:37:10 -08:00
appledisplay.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
chaoskey.c
USB: chaoskey: Use kasprintf() over strcpy()/strcat()
2018-02-22 15:17:05 +01:00
cypress_cy7c63.c
USB: move many drivers to use DEVICE_ATTR_RW
2018-01-24 08:49:51 +01:00
cytherm.c
USB: misc: fix up some remaining DEVICE_ATTR() usages
2018-01-24 08:49:52 +01:00
ehset.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
emi26.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
emi62.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
ezusb.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
ftdi-elan.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
idmouse.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
iowarrior.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
isight_firmware.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
Kconfig
usb: usb251xb: Add USB2517i specific struct and IDs
2017-11-01 17:14:21 +01:00
ldusb.c
usb: ldusb: add PIDs for new CASSY devices supported by this driver
2018-02-15 18:44:03 +01:00
legousbtower.c
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
lvstest.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
rio500_usb.h
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
rio500.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
trancevibrator.c
USB: move many drivers to use DEVICE_ATTR_RW
2018-01-24 08:49:51 +01:00
usb251xb.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
usb3503.c
usb: misc: usb3503: make sure reset is low for at least 100us
2018-01-11 18:39:52 +01:00
usb4604.c
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
usb_u132.h
USB: misc: Remove redundant license text
2017-11-04 11:55:38 +01:00
usblcd.c
USB: add SPDX identifiers to all remaining files in drivers/usb/
2017-11-04 11:48:02 +01:00
usbsevseg.c
USB: misc: fix up some remaining DEVICE_ATTR() usages
2018-01-24 08:49:52 +01:00
usbtest.c
usb: usbtest: Remove stack VLA usage
2018-03-09 09:10:22 -08:00
uss720.c
USB: misc: uss720: more vendor/product ID's
2018-03-20 12:27:34 +01:00
yurex.c
USB: yurex: fix out-of-bounds uaccess in read handler
2018-07-17 11:48:27 +02:00