Re: [PATCH] USB: serial: mct_u232: fix memory corruption with small endpoint

From: Greg Kroah-Hartman

Date: Wed May 20 2026 - 07:17:24 EST


On Wed, May 20, 2026 at 12:14:52PM +0200, Johan Hovold wrote:
> The driver overrides the maximum transfer size for a specific device
> which only accepts 16 byte packets for its 32 byte bulk-out endpoint.
>
> Make sure to never increase the maximum transfer size to prevent slab
> corruption should a malicious device report a smaller endpoint max
> packet size than expected.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
> ---

Reviewed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
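
The failure mode described in the quoted commit message, as an added user-space model (not code from the patch or from the driver): a fixed 16-byte transfer size applied to a port whose buffer was sized from a smaller reported endpoint lets a write run past the allocation, while an override that only ever lowers the size does not. The struct, the function names and the assumption that the buffer is allocated from the reported endpoint max packet size are hypothetical stand-ins for illustration.

```c
#include <stdlib.h>

#define QUIRK_XFER_SIZE 16	/* the 16-byte packet limit from the commit message */

/* Hypothetical stand-in for a serial port's bulk-out state. */
struct model_port {
	unsigned char *bulk_out_buffer;	/* write buffer */
	size_t buffer_len;		/* bytes actually allocated */
	size_t bulk_out_size;		/* maximum transfer size used for writes */
};

/* Assumption of this model: the buffer is sized from the reported max packet size. */
static int model_port_init(struct model_port *p, size_t reported_maxp)
{
	p->bulk_out_buffer = calloc(1, reported_maxp);
	if (!p->bulk_out_buffer)
		return -1;
	p->buffer_len = reported_maxp;
	p->bulk_out_size = reported_maxp;
	return 0;
}

/* clamp == 0: unconditional override; clamp != 0: the size is only ever lowered. */
static void apply_quirk(struct model_port *p, int clamp)
{
	if (!clamp || p->bulk_out_size > QUIRK_XFER_SIZE)
		p->bulk_out_size = QUIRK_XFER_SIZE;
}

/* Bytes that a write of 'count' bytes would place past the end of the buffer. */
static size_t scenario(size_t reported_maxp, int clamp, size_t count)
{
	struct model_port p;
	size_t n, over;

	if (model_port_init(&p, reported_maxp))
		return (size_t)-1;
	apply_quirk(&p, clamp);
	n = count < p.bulk_out_size ? count : p.bulk_out_size;
	over = n > p.buffer_len ? n - p.buffer_len : 0;
	free(p.bulk_out_buffer);
	return over;
}

int main(void)
{
	/* Constructed case: 8-byte endpoint, clamped override, 64-byte write. */
	return scenario(8, 1, 64) != 0;
}
```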