From: Greg KH <gregkh@linuxfoundation.org>
To: "Sebastián Alba" <sebasjosue84@gmail.com>
Cc: security@kernel.org, shuah@kernel.org, stable@vger.kernel.org
Subject: Re: [SECURITY] usbip: vhci: heap buffer overflow via crafted number_of_packets in RET_SUBMIT
Date: Sun, 29 Mar 2026 15:50:57 +0200 [thread overview]
Message-ID: <2026032911-unison-dehydrate-9c62@gregkh> (raw)
In-Reply-To: <CAJD=UNf9Ax4oZ9YTj8rr3jDWaGsXr4bX8uh2A-EE+w49QwSUaQ@mail.gmail.com>
On Sun, Mar 29, 2026 at 07:34:22AM -0600, Sebastián Alba wrote:
> Hi Greg, You're right...I see the patches from Kelvin and Nathan on
> linux-usb now. I should have checked lore before sending. No AI
> prompt, just manual auditing starting from CVE-2016-3955, but clearly
> others had the same idea this week. Sorry for the noise, and thanks
> for pointing me in the right direction. I'll check linux-usb first
> next time.
Curious as to _why_ 3 different people all independantly decided to look
at CVE-2016-3955, a 10 year old CVE entry, and decide this week to poke
at this on their own and come up with almost the same exact issues.
What made that specific CVE stand out in the see of tens of thousands of
other kernel CVEs out there?
thanks,
greg k-h
next prev parent reply other threads:[~2026-03-29 13:51 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-29 12:53 [SECURITY] usbip: vhci: heap buffer overflow via crafted number_of_packets in RET_SUBMIT Sebastian Josue Alba Vives
2026-03-29 12:53 ` [PATCH] usbip: vhci: validate number_of_packets in RET_SUBMIT response Sebastian Josue Alba Vives
2026-03-29 13:25 ` Greg KH
2026-03-29 13:17 ` [SECURITY] usbip: iso_frame_desc OOB memmove via crafted offset/length Sebastian Josue Alba Vives
2026-03-29 13:17 ` [PATCH] usbip: validate iso_frame_desc offset and length in usbip_recv_iso() Sebastian Josue Alba Vives
2026-03-29 13:24 ` [SECURITY] usbip: vhci: heap buffer overflow via crafted number_of_packets in RET_SUBMIT Greg KH
2026-03-29 13:34 ` Sebastián Alba
2026-03-29 13:50 ` Greg KH [this message]
2026-03-29 13:53 ` Sebastián Alba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2026032911-unison-dehydrate-9c62@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=sebasjosue84@gmail.com \
--cc=security@kernel.org \
--cc=shuah@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox