From: Greg KH <greg@kroah.com>
To: "Holger Hoffstätte" <holger@applied-asynchrony.com>
Cc: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 4.4 63/99] [media] usbvision fix overflow of interfaces array
Date: Tue, 7 Jun 2016 17:26:45 -0700 [thread overview]
Message-ID: <20160608002645.GG8341@kroah.com> (raw)
In-Reply-To: <pan$17e21$775d2f08$db2d28e3$50e5b796@applied-asynchrony.com>
On Sun, Jun 05, 2016 at 09:53:42PM +0000, Holger Hoffst�tte wrote:
> On Sun, 05 Jun 2016 14:41:36 -0700, Greg Kroah-Hartman wrote:
>
> > 4.4-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Oliver Neukum <oneukum@suse.com>
> >
> > commit 588afcc1c0e45358159090d95bf7b246fb67565f upstream.
> >
> > This fixes the crash reported in:
> > http://seclists.org/bugtraq/2015/Oct/35
> > The interface number needs a sanity check.
> >
> > Signed-off-by: Oliver Neukum <oneukum@suse.com>
> > Cc: Vladis Dronov <vdronov@redhat.com>
> > Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
> > Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
> > Cc: Moritz Muehlenhoff <moritz@wikimedia.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> >
> > ---
> > drivers/media/usb/usbvision/usbvision-video.c | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > --- a/drivers/media/usb/usbvision/usbvision-video.c
> > +++ b/drivers/media/usb/usbvision/usbvision-video.c
> > @@ -1461,6 +1461,13 @@ static int usbvision_probe(struct usb_in
> > printk(KERN_INFO "%s: %s found\n", __func__,
> > usbvision_device_data[model].model_string);
> >
> > + /*
> > + * this is a security check.
> > + * an exploit using an incorrect bInterfaceNumber is known
> > + */
> > + if (ifnum >= USB_MAXINTERFACES || !dev->actconfig->interface[ifnum])
> > + return -ENODEV;
> > +
> > if (usbvision_device_data[model].interface >= 0)
> > interface = &dev->actconfig->interface[usbvision_device_data[model].interface]->altsetting[0];
> > else if (ifnum < dev->actconfig->desc.bNumInterfaces)
>
> Not sure if it matters, but heads up anyway that for some reason this
> patch is a duplicate and was previously applied quite some time ago:
>
> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.4.y&id=588afcc1c0e45358159090d95bf7b246fb67565f
Yes, thanks, sorry for the confusion, Debian seems confused as well as
this is in their kernel tree too...
now dropped, thanks.
greg k-h
next prev parent reply other threads:[~2016-06-08 0:26 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-05 21:40 [PATCH 4.4 00/99] 4.4.13-stable review Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 01/99] MIPS64: R6: R2 emulation bugfix Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 02/99] MIPS: math-emu: Fix jalr emulation when rd == $0 Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 03/99] MIPS: MSA: Fix a link error on `_init_msa_upper with older GCC Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 04/99] MIPS: Dont unwind to user mode with EVA Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 05/99] MIPS: Avoid using unwind_stack() with usermode Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 06/99] MIPS: Fix siginfo.h to use strict posix types Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 07/99] MIPS: Fix uapi include in exported asm/siginfo.h Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 08/99] MIPS: Fix watchpoint restoration Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 09/99] MIPS: Handle highmem pages in __update_cache Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 10/99] MIPS: Sync icache & dcache in set_pte_at Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 11/99] MIPS: ath79: make bootconsole wait for both THRE and TEMT Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 12/99] MIPS: Reserve nosave data for hibernation Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 13/99] MIPS: Loongson-3: Reserve 32MB for RS780E integrated GPU Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 14/99] MIPS: Use copy_s.fmt rather than copy_u.fmt Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 15/99] MIPS: Fix MSA ld_*/st_* asm macros to use PTR_ADDU Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 16/99] MIPS: Prevent "restoration" of MSA context in non-MSA kernels Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 17/99] MIPS: Disable preemption during prctl(PR_SET_FP_MODE, ...) Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 18/99] MIPS: ptrace: Fix FP context restoration FCSR regression Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 19/99] MIPS: ptrace: Prevent writes to read-only FCSR bits Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 20/99] MIPS: Fix sigreturn via VDSO on microMIPS kernel Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 21/99] MIPS: Build microMIPS VDSO for microMIPS kernels Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 22/99] MIPS: lib: Mark intrinsics notrace Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 23/99] MIPS: VDSO: Build with `-fno-strict-aliasing Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 24/99] affs: fix remount failure when there are no options changed Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 25/99] ASoC: ak4642: Enable cache usage to fix crashes on resume Greg Kroah-Hartman
2016-06-05 21:40 ` [PATCH 4.4 26/99] Input: uinput - handle compat ioctl for UI_SET_PHYS Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 27/99] ARM: mvebu: fix GPIO config on the Linksys boards Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 28/99] ARM: dts: at91: fix typo in sama5d2 PIN_PD24 description Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 29/99] ARM: dts: exynos: Add interrupt line to MAX8997 PMIC on exynos4210-trats Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 30/99] ARM: dts: imx35: restore existing used clock enumeration Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 31/99] ath9k: Add a module parameter to invert LED polarity Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 32/99] ath9k: Fix LED polarity for some Mini PCI AR9220 MB92 cards Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 33/99] ath10k: fix debugfs pktlog_filter write Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 34/99] ath10k: fix firmware assert in monitor mode Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 35/99] ath10k: fix rx_channel during hw reconfigure Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 36/99] ath10k: fix kernel panic, move arvifs list head init before htt init Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 37/99] ath5k: Change led pin configuration for compaq c700 laptop Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 38/99] hwrng: exynos - Fix unbalanced PM runtime put on timeout error path Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 39/99] rtlwifi: rtl8723be: Add antenna select module parameter Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 40/99] rtlwifi: btcoexist: Implement antenna selection Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 41/99] rtlwifi: Fix logic error in enter/exit power-save mode Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 42/99] rtlwifi: pci: use dev_kfree_skb_irq instead of kfree_skb in rtl_pci_reset_trx_ring Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 43/99] aacraid: Relinquish CPU during timeout wait Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 44/99] aacraid: Fix for aac_command_thread hang Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 45/99] aacraid: Fix for KDUMP driver hang Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 46/99] regulator: Try to resolve regulators supplies on registration Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 47/99] hwmon: (ads7828) Enable internal reference Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 48/99] mfd: intel-lpss: Save register context on suspend Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 50/99] PM / Runtime: Fix error path in pm_runtime_force_resume() Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 51/99] cpuidle: Indicate when a device has been unregistered Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 52/99] cpuidle: Fix cpuidle_state_is_coupled() argument in cpuidle_enter() Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 53/99] clk: bcm2835: Fix PLL poweron Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 54/99] clk: at91: fix check of clk_register() returned value Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 55/99] clk: bcm2835: pll_off should only update CM_PLL_ANARST Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 56/99] clk: bcm2835: divider value has to be 1 or more Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 57/99] pinctrl: exynos5440: Use off-stack memory for pinctrl_gpio_range Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 58/99] PCI: Disable all BAR sizing for devices with non-compliant BARs Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 59/99] [media] media: v4l2-compat-ioctl32: fix missing reserved field copy in put_v4l2_create32 Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 60/99] mm: use phys_addr_t for reserve_bootmem_region() arguments Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 61/99] wait/ptrace: assume __WALL if the child is traced Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 62/99] QE-UART: add "fsl,t1040-ucc-uart" to of_device_id Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 63/99] [media] usbvision fix overflow of interfaces array Greg Kroah-Hartman
2016-06-05 21:53 ` Holger Hoffstätte
2016-06-08 0:26 ` Greg KH [this message]
2016-06-05 21:41 ` [PATCH 4.4 64/99] pipe: limit the per-user amount of pages allocated in pipes Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 65/99] powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 66/99] powerpc/eeh: Dont report error in eeh_pe_reset_and_recover() Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 67/99] Revert "powerpc/eeh: Fix crash in eeh_add_device_early() on Cell" Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 68/99] powerpc/eeh: Restore initial state in eeh_pe_reset_and_recover() Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 69/99] xen/events: Dont move disabled irqs Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 70/99] xen: use same main loop for counting and remapping pages Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 72/99] drm/gma500: Fix possible out of bounds read Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 73/99] drm/vmwgfx: Enable SVGA_3D_CMD_DX_SET_PREDICATION Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 74/99] drm/vmwgfx: use vmw_cmd_dx_cid_check for query commands Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 75/99] drm/vmwgfx: Fix order of operation Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 76/99] drm/amdgpu: use drm_mode_vrefresh() rather than mode->vrefresh Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 77/99] drm/amdgpu: Fix hdmi deep color support Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 78/99] drm/i915/fbdev: Fix num_connector references in intel_fb_initial_config() Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 79/99] drm/fb_helper: Fix references to dev->mode_config.num_connector Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 80/99] drm/atomic: Verify connector->funcs != NULL when clearing states Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 83/99] ext4: fix hang when processing corrupted orphaned inode list Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 84/99] ext4: clean up error handling when orphan list is corrupted Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 85/99] ext4: fix oops on corrupted filesystem Greg Kroah-Hartman
2016-06-05 21:41 ` [PATCH 4.4 86/99] ext4: address UBSAN warning in mb_find_order_for_block() Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 87/99] ext4: silence UBSAN in ext4_mb_init() Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 88/99] PM / sleep: Handle failures in device_suspend_late() consistently Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 90/99] scripts/package/Makefile: rpmbuild add support of RPMOPTS Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 91/99] gcov: disable tree-loop-im to reduce stack usage Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 92/99] xfs: disallow rw remount on fs with unknown ro-compat features Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 93/99] xfs: Dont wrap growfs AGFL indexes Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 94/99] xfs: xfs_iflush_cluster fails to abort on error Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 95/99] xfs: fix inode validity check in xfs_iflush_cluster Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 96/99] xfs: skip stale inodes " Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 98/99] xfs: handle dquot buffer readahead in log recovery correctly Greg Kroah-Hartman
2016-06-05 21:42 ` [PATCH 4.4 99/99] gpio: davinci: fix missed parent conversion Greg Kroah-Hartman
2016-06-06 17:26 ` [PATCH 4.4 00/99] 4.4.13-stable review Shuah Khan
2016-06-07 4:07 ` Guenter Roeck
2016-06-08 1:02 ` Greg Kroah-Hartman
2016-06-08 1:07 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160608002645.GG8341@kroah.com \
--to=greg@kroah.com \
--cc=holger@applied-asynchrony.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).