Re: [PATCH net] net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()

Next message: Pavitrakumar Managutte: "Re: [PATCH v11 2/4] crypto: spacc - Add SPAcc ahash support"
Previous message: Chen-Yu Tsai: "Re: [PATCH v7 0/8] Add support for handling PCIe M.2 Key E connectors in devicetree"
In reply to: Paolo Abeni: "Re: [PATCH net] net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: patchwork-bot+netdevbpf

Date: Tue Apr 14 2026 - 06:29:55 EST

Hello:

This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@xxxxxxxxxx>:

On Sat, 11 Apr 2026 13:01:35 +0200 you wrote:
> A malicious USB device claiming to be a CDC Phonet modem can overflow
> the skb_shared_info->frags[] array by sending an unbounded sequence of
> full-page bulk transfers.
>
> Drop the skb and increment the length error when the frag limit is
> reached. This matches the same fix that commit f0813bcd2d9d ("net:
> wwan: t7xx: fix potential skb->frags overflow in RX path") did for the
> t7xx driver.
>
> [...]

Here is the summary with links:
- [net] net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
https://git.kernel.org/netdev/net/c/600dc40554dc

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html