linux/drivers
Johan Hovold 907767da8f comedi: ni_usb6501: fix NULL-deref in command paths
The driver uses endpoint-sized USB transfer buffers but had no sanity
checks on the sizes. This can lead to zero-size-pointer dereferences or
overflowed transfer buffers in ni6501_port_command() and
ni6501_counter_command() if a (malicious) device has smaller max-packet
sizes than expected (or when doing descriptor fuzz testing).

Add the missing sanity checks to probe().

Fixes: a03bb00e50 ("staging: comedi: add NI USB-6501 support")
Cc: stable@vger.kernel.org      # 3.18
Cc: Luca Ellero <luca.ellero@brickedbrain.com>
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20211027093529.30896-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-10-30 10:54:47 +02:00
accessibility
acpi ACPI fix for 5.15-rc6 2021-10-16 08:45:46 -07:00
amba
android binder: don't detect sender/target during buffer cleanup 2021-10-19 09:38:55 +02:00
ata ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() 2021-10-14 12:22:47 +09:00
atm
auxdisplay
base Driver core fixes for 5.15-rc6 2021-10-17 17:17:28 -10:00
bcma Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
block block-5.15-2021-10-17 2021-10-17 19:25:20 -10:00
bluetooth Bluetooth: btusb: Remove WAKEUP_DISABLE and add WAKEUP_AUTOSUSPEND for Realtek devices 2021-08-19 17:08:31 +02:00
bus Driver core fixes for 5.15-rc6 2021-10-17 17:17:28 -10:00
cdrom
char char: xillybus: fix msg_ep UAF in xillyusb_probe() 2021-10-19 09:40:18 +02:00
clk clk: qcom: add select QCOM_GDSC for SM6350 2021-10-13 11:44:42 -07:00
clocksource - converted Pistachio platform to use MIPS generic kernel 2021-09-03 11:11:54 -07:00
comedi comedi: ni_usb6501: fix NULL-deref in command paths 2021-10-30 10:54:47 +02:00
connector
counter counter: Fix use-after-free race condition for events_queue_size write 2021-10-21 13:02:47 +02:00
cpufreq Power management fixes for 5.15-rc2 2021-09-17 12:05:04 -07:00
cpuidle - Core Frameworks 2021-09-07 12:38:59 -07:00
crypto crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() 2021-09-24 15:58:41 +08:00
cxl cxl for v5.15 2021-09-09 11:48:27 -07:00
dax libnvdimm for v5.15 2021-09-09 11:39:57 -07:00
dca
devfreq devfreq: use HZ macros 2021-09-08 11:50:26 -07:00
dio
dma dmaengine updates for v5.15-rc1 2021-09-09 11:07:47 -07:00
dma-buf dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
edac EDAC/armada-xp: Fix output of uncorrectable error counter 2021-10-14 11:46:03 +02:00
eisa
extcon extcon: usbc-tusb320: Add support for TUSB320L 2021-10-27 14:13:39 +09:00
firewire FireWire (IEEE 1394) subsystem updates: 2021-09-11 09:47:33 -07:00
firmware EFI fixes for v5.15 2021-10-17 17:30:49 -10:00
fpga fpga: ice40-spi: Add SPI device ID table 2021-09-27 14:00:41 -07:00
fsi fsi: sbefifo: Use interruptible mutex locking 2021-10-22 09:54:33 +10:30
gnss
gpio gpio: mockup: Convert to use software nodes 2021-10-06 13:04:04 +02:00
gpu fix for "dma-buf: move dma-buf symbols into the DMA_BUF module namespace" 2021-10-27 08:52:02 +02:00
greybus
hid HID: amd_sfh: Fix potential NULL pointer dereference 2021-09-27 10:00:43 +02:00
hsi
hv hyperv-fixes for 5.15-rc2 2021-09-15 17:18:56 -07:00
hwmon FSI changes for v5.16 2021-10-22 09:45:59 +02:00
hwspinlock
hwtracing coresight: trbe: Work around write to out of range 2021-10-27 11:46:01 -06:00
i2c i2c: mlxcpld: Modify register setting for 400KHz frequency 2021-10-04 21:56:20 +02:00
i3c
idle
iio iio: frequency: adrf6780: Fix adrf6780_spi_{read,write}() 2021-10-24 13:14:26 +02:00
infiniband dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2021-10-17 16:57:06 -10:00
interconnect Merge branch 'icc-rpm' into icc-next 2021-10-04 16:14:13 +03:00
iommu iommu/arm: fix ARM_SMMU_QCOM compilation 2021-10-13 21:28:44 +02:00
ipack ipack: ipoctal: rename tty-driver pointer 2021-10-04 11:21:24 +02:00
irqchip irqchip/gic: Work around broken Renesas integration 2021-09-22 14:44:25 +01:00
isdn isdn: mISDN: Fix sleeping function called from invalid context 2021-10-09 13:42:51 +01:00
leds leds: pca955x: Switch to i2c probe_new 2021-08-20 11:00:08 +02:00
macintosh memblock: introduce saner 'memblock_free_ptr()' interface 2021-09-14 13:23:22 -07:00
mailbox mailbox: cmdq: add multi-gce clocks support for mt8195 2021-08-31 22:57:45 -05:00
mcb mcb: fix error handling in mcb_alloc_bus() 2021-09-14 11:22:26 +02:00
md dm: fix mempool NULL pointer race when completing IO 2021-10-12 13:54:10 -04:00
media dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
memory
memstick Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
message
mfd - Core Frameworks 2021-09-07 12:38:59 -07:00
misc dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
mmc asm-generic: build fixes for v5.15 2021-10-08 11:57:54 -07:00
most most: fix control-message timeouts 2021-10-26 19:12:01 +02:00
mtd mtd: rawnand: qcom: Update code word value for raw read 2021-09-14 19:36:00 +02:00
mux mux: add support for delay after muxing 2021-10-21 20:02:42 +01:00
net Networking fixes for 5.15-rc6. 2021-10-14 18:21:39 -04:00
nfc nfc: st-nci: Add SPI ID matching DT compatible 2021-09-23 12:53:06 +01:00
ntb Bug fixes and clean-ups for Linux v5.15 2021-09-07 13:05:02 -07:00
nubus
nvdimm nvdimm/pmem: fix creating the dax group 2021-09-27 11:40:43 -07:00
nvme nvme fixes for Linux 5.15: 2021-10-14 09:07:14 -06:00
nvmem Merge 5.15-rc6 into char-misc-next 2021-10-18 09:29:27 +02:00
of fbdev: simplefb: fix Kconfig dependencies 2021-10-06 11:12:28 +02:00
opp Merge branches 'pm-pci', 'pm-sleep', 'pm-domains' and 'powercap' 2021-08-30 19:25:42 +02:00
parisc parisc: Move pci_dev_is_behind_card_dino to where it is used 2021-09-09 12:44:31 +02:00
parport parisc architecture updates for kernel 5.15: 2021-09-02 13:16:00 -07:00
pci pci-v5.15-fixes-2 2021-10-16 09:00:46 -07:00
pcmcia
perf KVM: arm64: Fix PMU probe ordering 2021-09-20 12:43:34 +01:00
phy phy: Sparx5 Eth SerDes: Fix return value check in sparx5_serdes_probe() 2021-10-26 16:36:23 +05:30
pinctrl asm-generic: build fixes for v5.15 2021-10-08 11:57:54 -07:00
platform Merge 5.15-rc6 into char-misc-next 2021-10-18 09:29:27 +02:00
pnp
power power supply and reset changes for the v5.15 series 2021-08-30 11:47:32 -07:00
powercap powercap: Add Power Limit4 support for Alder Lake SoC 2021-08-25 20:12:16 +02:00
pps
ps3
ptp Networking fixes for 5.15-rc5, including fixes from xfrm, bpf, 2021-10-07 09:50:31 -07:00
pwm pwm: mtk-disp: Implement atomic API .get_state() 2021-09-02 22:27:46 +02:00
rapidio
ras
regulator regulator: max14577: Revert "regulator: max14577: Add proper module aliases strings" 2021-09-17 13:16:38 +01:00
remoteproc
reset ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
rpmsg
rtc rtc: cmos: Disable irq around direct invocation of cmos_interrupt() 2021-09-14 10:20:19 +02:00
s390 s390 updates for 5.15-rc4 2021-10-01 14:45:23 -07:00
sbus
scsi scsi: iscsi: Fix iscsi_task use after free 2021-10-04 23:40:11 -04:00
sh
siox
slimbus Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
soc Driver core fixes for 5.15-rc6 2021-10-17 17:17:28 -10:00
soundwire soundwire: qcom: add debugfs entry for soundwire register dump 2021-10-20 20:54:59 +05:30
spi spi-mux: Fix false-positive lockdep splats 2021-10-14 13:32:19 +01:00
spmi
ssb
staging dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
target scsi: target: Fix spelling mistake "CONFLIFT" -> "CONFLICT" 2021-09-22 00:17:29 -04:00
tc
tee dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
thermal thermal/drivers/tsens: Fix wrong check for tzd in irq handlers 2021-09-21 15:17:11 +02:00
thunderbolt thunderbolt: build kunit tests without structleak plugin 2021-10-06 17:53:49 -06:00
tty Serial driver fix for 5.15-rc6 2021-10-17 17:06:31 -10:00
uio
usb USB-serial fixes for 5.15-rc6 2021-10-15 15:04:02 +02:00
vdpa vdpa/mlx5: Avoid executing set_vq_ready() if device is reset 2021-09-14 18:10:43 -04:00
vfio vfio/pci: add missing identifier name in argument of function prototype 2021-09-23 14:12:36 -06:00
vhost virtio,vdpa: fixes 2021-10-17 18:17:19 -10:00
video video: fbdev: gbefb: Only instantiate device when built for IP32 2021-10-06 11:12:28 +02:00
virt virt: acrn: Introduce interfaces for virtual device creating/destroying 2021-10-05 16:14:10 +02:00
virtio dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
visorbus
vlynq
vme
w1
watchdog watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST 2021-09-27 11:57:19 -07:00
xen dma-buf: move dma-buf symbols into the DMA_BUF module namespace 2021-10-25 14:53:08 +02:00
zorro
Kconfig firmware: include drivers/firmware/Kconfig unconditionally 2021-10-07 16:51:26 +02:00
Makefile