Re: usb/core: slab-out-of-bounds read in cdc_parse_cdc_header
From: Greg Kroah-Hartman
Date: Thu Sep 21 2017 - 03:31:51 EST
On Wed, Sep 20, 2017 at 04:45:08PM +0200, Andrey Konovalov wrote:
> I've got the following crash while fuzzing the kernel with syzkaller.
> On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
> It looks like cdc_parse_cdc_header() doesn't validate buflen before
> accessing buffer, buffer and so on. The only check present is
> while (buflen > 0).
Ugh, you are right, let me go work on a patch, thanks for the report...