linux/drivers/usb/core
Zeng Tao a18cd6c9b6 usb: core: fix slab-out-of-bounds Read in read_descriptors
The USB device descriptor may get changed between two consecutive
enumerations on the same device for some reason, such as DFU or
malicius device.
In that case, we may access the changing descriptor if we don't take
the device lock here.

The issue is reported:
https://syzkaller.appspot.com/bug?id=901a0d9e6519ef8dc7acab25344bd287dd3c7be9

Cc: stable <stable@vger.kernel.org>
Cc: Alan Stern <stern@rowland.harvard.edu>
Reported-by: syzbot+256e56ddde8b8957eabd@syzkaller.appspotmail.com
Fixes: 217a9081d8 ("USB: add all configs to the "descriptors" attribute")
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>
Link: https://lore.kernel.org/r/1599201467-11000-1-git-send-email-prime.zeng@hisilicon.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-09-04 16:41:22 +02:00
..
buffer.c usb: add a hcd_uses_dma helper 2019-08-15 15:18:05 +02:00
config.c usb: Use fallthrough pseudo-keyword 2020-07-10 08:55:17 +02:00
devices.c USB: core: additional Device Classes to debug/usb/devices 2020-06-18 10:02:58 +02:00
devio.c usb: usbfs: stop using compat_alloc_user_space 2020-07-22 13:13:22 +02:00
driver.c USB: Fix device driver race 2020-08-18 13:09:31 +02:00
endpoint.c
file.c USB: core: Fix races in character device registration and deregistraion 2019-08-12 22:47:24 +02:00
generic.c USB: Also match device drivers using the ->match vfunc 2020-08-18 13:08:45 +02:00
hcd-pci.c usb: hcd: Fix use after free in usb_hcd_pci_remove() 2020-08-18 12:09:52 +02:00
hcd.c usb: Use fallthrough pseudo-keyword 2020-07-10 08:55:17 +02:00
hub.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
hub.h USB: core: Use the correct style for SPDX License Identifier 2020-04-16 14:32:45 +02:00
Kconfig USB: OTG: rename product list of devices 2020-06-19 08:58:55 +02:00
ledtrig-usbport.c usb: core: ledtrig-usbport: Demote obvious misuse of kerneldoc to standard comment blocks 2020-07-09 16:46:57 +02:00
Makefile
message.c usb: Fix out of sync data toggle if a configured device is reconfigured 2020-09-04 16:41:22 +02:00
notify.c USB: core: Remove usbfs_mutex 2019-06-26 10:28:09 +08:00
of.c drivers: usb: Fix trivial spelling 2020-06-18 10:13:16 +02:00
otg_productlist.h USB: OTG: rename product list of devices 2020-06-19 08:58:55 +02:00
phy.c usb: core: phy: add support for PHY calibration 2019-09-03 15:54:55 +02:00
phy.h usb: core: phy: add support for PHY calibration 2019-09-03 15:54:55 +02:00
port.c usb: core: port: do error out if usb_autopm_get_interface() fails 2020-03-04 10:58:16 +01:00
quirks.c USB: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D 2020-08-27 09:24:05 +02:00
sysfs.c usb: core: fix slab-out-of-bounds Read in read_descriptors 2020-09-04 16:41:22 +02:00
urb.c usb: Use fallthrough pseudo-keyword 2020-07-10 08:55:17 +02:00
usb-acpi.c usb: core: Use ACPI_SUCCESS() at appropriate places 2020-02-19 11:08:52 +01:00
usb.c USB: Fix up terminology 2020-07-01 14:04:04 +02:00
usb.h USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE 2020-06-19 08:58:37 +02:00