Re: [PATCH] USB: serial: safe_serial: fix memory corruption with small endpoint
From: Greg Kroah-Hartman
Date: Sat May 23 2026 - 01:51:54 EST
On Fri, May 22, 2026 at 04:22:18PM +0200, Johan Hovold wrote:
> Make sure that the bulk-out buffer size is at least eight bytes to avoid
> user-controlled slab corruption in "safe" mode should a malicious device
> report a smaller size.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
> ---
> drivers/usb/serial/safe_serial.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
Reviewed-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>