On Sun, 05 Jun 2016 14:41:36 -0700, Greg Kroah-Hartman wrote: > 4.4-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Oliver Neukum <oneu...@suse.com> > > commit 588afcc1c0e45358159090d95bf7b246fb67565f upstream. > > This fixes the crash reported in: > http://seclists.org/bugtraq/2015/Oct/35 > The interface number needs a sanity check. > > Signed-off-by: Oliver Neukum <oneu...@suse.com> > Cc: Vladis Dronov <vdro...@redhat.com> > Signed-off-by: Hans Verkuil <hans.verk...@cisco.com> > Signed-off-by: Mauro Carvalho Chehab <mche...@osg.samsung.com> > Cc: Moritz Muehlenhoff <mor...@wikimedia.org> > Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> > > --- > drivers/media/usb/usbvision/usbvision-video.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > --- a/drivers/media/usb/usbvision/usbvision-video.c > +++ b/drivers/media/usb/usbvision/usbvision-video.c > @@ -1461,6 +1461,13 @@ static int usbvision_probe(struct usb_in > printk(KERN_INFO "%s: %s found\n", __func__, > usbvision_device_data[model].model_string); > > + /* > + * this is a security check. > + * an exploit using an incorrect bInterfaceNumber is known > + */ > + if (ifnum >= USB_MAXINTERFACES || !dev->actconfig->interface[ifnum]) > + return -ENODEV; > + > if (usbvision_device_data[model].interface >= 0) > interface = > &dev->actconfig->interface[usbvision_device_data[model].interface]->altsetting[0]; > else if (ifnum < dev->actconfig->desc.bNumInterfaces)
Not sure if it matters, but heads up anyway that for some reason this patch is a duplicate and was previously applied quite some time ago: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.4.y&id=588afcc1c0e45358159090d95bf7b246fb67565f -h
