]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
projects / mirror_ubuntu-bionic-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ae7cdc) | patch
USB: yurex: fix out-of-bounds uaccess in read handler
authorJann Horn <jannh@google.com>
Fri, 9 Nov 2018 14:33:26 +0000 (15:33 +0100)
committerKleber Sacilotto de Souza <kleber.souza@canonical.com>
Thu, 6 Dec 2018 13:43:20 +0000 (14:43 +0100)
commit76cc4343a0136b070c1edcb4b4ba69a5c3044b47
tree8ad7c2bf47a50c71316c64a18e0acb6fc0d96baftree
parent8ae7cdc79d11418cbdbf285167cec8839ac888f3commit | diff
USB: yurex: fix out-of-bounds uaccess in read handler

In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.

Fix it by using simple_read_from_buffer() instead of custom logic.

Fixes: 6bc235a2e24a ("USB: add driver for Meywa-Denki & Kayac YUREX")
Signed-off-by: Jann Horn <jannh@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CVE-2018-16276
(cherry picked from commit f1e255d60ae66a9f672ff9a207ee6cd8e33d2679)
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
drivers/usb/misc/yurex.c diff | blob | blame | history
ubuntu-bionic-kernel mirror