From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Edward Adam Davis <eadavis@qq.com>,
stable <stable@kernel.org>,
syzbot+9d34f80f841e948c3fdb@syzkaller.appspotmail.com
Subject: [PATCH 6.11 12/12] USB: usbtmc: prevent kernel-usb-infoleak
Date: Fri, 27 Sep 2024 14:24:15 +0200 [thread overview]
Message-ID: <20240927121715.757754022@linuxfoundation.org> (raw)
In-Reply-To: <20240927121715.213013166@linuxfoundation.org>
6.11-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edward Adam Davis <eadavis@qq.com>
commit 625fa77151f00c1bd00d34d60d6f2e710b3f9aad upstream.
The syzbot reported a kernel-usb-infoleak in usbtmc_write,
we need to clear the structure before filling fields.
Fixes: 4ddc645f40e9 ("usb: usbtmc: Add ioctl for vendor specific write")
Reported-and-tested-by: syzbot+9d34f80f841e948c3fdb@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=9d34f80f841e948c3fdb
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/tencent_9649AA6EC56EDECCA8A7D106C792D1C66B06@qq.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/class/usbtmc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/class/usbtmc.c
+++ b/drivers/usb/class/usbtmc.c
@@ -754,7 +754,7 @@ static struct urb *usbtmc_create_urb(voi
if (!urb)
return NULL;
- dmabuf = kmalloc(bufsize, GFP_KERNEL);
+ dmabuf = kzalloc(bufsize, GFP_KERNEL);
if (!dmabuf) {
usb_free_urb(urb);
return NULL;
next prev parent reply other threads:[~2024-09-27 12:30 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-27 12:24 [PATCH 6.11 00/12] 6.11.1-rc1 review Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 01/12] drm: Use XArray instead of IDR for minors Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 02/12] accel: " Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 03/12] drm: Expand max DRM device number to full MINORBITS Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 04/12] powercap/intel_rapl: Add support for AMD family 1Ah Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 05/12] powercap/intel_rapl: Fix the energy-pkg event for AMD CPUs Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 06/12] cpufreq/amd-pstate: Add the missing cpufreq_cpu_put() Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 07/12] netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 08/12] Bluetooth: btintel_pcie: Allocate memory for driver private data Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 09/12] ASoC: amd: acp: add ZSC control register programming sequence Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 10/12] nvme-pci: qdepth 1 quirk Greg Kroah-Hartman
2024-09-27 12:24 ` [PATCH 6.11 11/12] USB: serial: pl2303: add device id for Macrosilicon MS3020 Greg Kroah-Hartman
2024-09-27 12:24 ` Greg Kroah-Hartman [this message]
2024-09-27 17:46 ` [PATCH 6.11 00/12] 6.11.1-rc1 review Peter Schneider
2024-09-27 18:36 ` Jon Hunter
2024-09-27 18:51 ` Justin Forbes
2024-09-27 19:38 ` Christian Heusel
2024-09-27 19:53 ` Florian Fainelli
2024-09-28 13:42 ` Naresh Kamboju
2024-09-28 15:06 ` Allen
2024-09-28 17:15 ` Shuah Khan
2024-09-29 8:20 ` Ron Economos
2024-09-29 10:58 ` Kexy Biscuit
2024-09-29 11:32 ` Muhammad Usama Anjum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240927121715.757754022@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=eadavis@qq.com \
--cc=patches@lists.linux.dev \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+9d34f80f841e948c3fdb@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.