Hello Li,
+-- On Tue, 25 Aug 2020, Li Qiang wrote --+
| Just see the page.
| -->https://access.redhat.com/security/cve/CVE-2020-14364
|
| The 'Attack Vector' of the CVSS score here is 'local'.
|
| I think this should be 'network' as the guest user can touch this in a cloud
| environment? What's
On Tue, Aug 25, 2020 at 1:37 PM, Gerd Hoffmann wrote:
>
> Store calculated setup_len in a local variable, verify it, and only
> write it to the struct (USBDevice->setup_len) in case it passed the
> sanity checks.
>
> This prevents other code (do_token_{in,out} functions specifically)
> from working with invalid U
Store calculated setup_len in a local variable, verify it, and only
write it to the struct (USBDevice->setup_len) in case it passed the
sanity checks.
This prevents other code (do_token_{in,out} functions specifically)
from working with invalid USBDevice->setup_len values and overrunning
the USBDe