CVE-2016-3138 cdc_acm: oops on invalid USB descriptors (rhbz 1317010 1316204)
This commit is contained in:
Josh Boyer
parent
3e6ca82b21
commit
2faff2a1f3
|
|
@ -0,0 +1,33 @@
|
|||
From e6a87f147002fa16adcbafebbc458ff90a463474 Mon Sep 17 00:00:00 2001
|
||||
From: Oliver Neukum <oneukum@suse.com>
|
||||
Date: Tue, 15 Mar 2016 10:14:04 +0100
|
||||
Subject: [PATCH] cdc-acm: more sanity checking
|
||||
|
||||
An attack has become available which pretends to be a quirky
|
||||
device circumventing normal sanity checks and crashes the kernel
|
||||
by an insufficient number of interfaces. This patch adds a check
|
||||
to the code path for quirky devices.
|
||||
|
||||
Signed-off-by: Oliver Neukum <ONeukum@suse.com>
|
||||
CC: stable@vger.kernel.org
|
||||
---
|
||||
drivers/usb/class/cdc-acm.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
|
||||
index 26ca4f910cb0..a7732f80a912 100644
|
||||
--- a/drivers/usb/class/cdc-acm.c
|
||||
+++ b/drivers/usb/class/cdc-acm.c
|
||||
@@ -1113,6 +1113,9 @@ static int acm_probe(struct usb_interface *intf,
|
||||
if (quirks == NO_UNION_NORMAL) {
|
||||
data_interface = usb_ifnum_to_if(usb_dev, 1);
|
||||
control_interface = usb_ifnum_to_if(usb_dev, 0);
|
||||
+ /* we would crash */
|
||||
+ if (!data_interface || !control_interface)
|
||||
+ return -ENODEV;
|
||||
goto skip_normal_probe;
|
||||
}
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
||||
|
|
@ -652,6 +652,9 @@ Patch674: USB-iowarrior-fix-oops-with-malicious-USB-descriptor.patch
|
|||
#CVE-2016-2185 rhbz 1317014 1317471
|
||||
Patch675: usb_driver_claim_interface-add-sanity-checking.patch
|
||||
|
||||
#CVE-2016-3138 rhbz 1317010 1316204
|
||||
Patch676: cdc-acm-more-sanity-checking.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
%endif
|
||||
|
||||
|
|
@ -1367,6 +1370,9 @@ ApplyPatch USB-iowarrior-fix-oops-with-malicious-USB-descriptor.patch
|
|||
#CVE-2016-2185 rhbz 1317014 1317471
|
||||
ApplyPatch usb_driver_claim_interface-add-sanity-checking.patch
|
||||
|
||||
#CVE-2016-3138 rhbz 1317010 1316204
|
||||
ApplyPatch cdc-acm-more-sanity-checking.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -2217,6 +2223,7 @@ fi
|
|||
#
|
||||
%changelog
|
||||
* Fri Mar 18 2016 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2016-3138 cdc_acm: oops on invalid USB descriptors (rhbz 1317010 1316204)
|
||||
- CVE-2016-2185 ati_remote2: oops on invalid USB descriptors (rhbz 1317014 1317471)
|
||||
- CVE-2016-2188 iowarrior: oops on invalid USB descriptors (rhbz 1317018 1317467)
|
||||
- CVE-2016-2186 powermate: oops on invalid USB descriptors (rhbz 1317015 1317464)
|
||||
|
|
|
|||
Loading…
Reference in New Issue