From: Greg KH <gre...@linuxfoundation.org> Date: Wed, 12 Dec 2018 12:42:24 +0100
> From: Hui Peng <benqu...@gmail.com> > > The function hso_probe reads if_num from the USB device (as an u8) and uses > it without a length check to index an array, resulting in an OOB memory read > in hso_probe or hso_get_config_data. > > Add a length check for both locations and updated hso_probe to bail on > error. > > This issue has been assigned CVE-2018-19985. > > Reported-by: Hui Peng <benqu...@gmail.com> > Reported-by: Mathias Payer <mathias.pa...@nebelwelt.net> > Signed-off-by: Hui Peng <benqu...@gmail.com> > Signed-off-by: Mathias Payer <mathias.pa...@nebelwelt.net> > Reviewed-by: Sebastian Andrzej Siewior <bige...@linutronix.de> > Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> Applied and queued up for -stable, thanks Greg.
