| 2015-06-01 13:13:59 |
Adam Lee |
bug |
|
|
added bug |
| 2015-06-01 13:15:06 |
Adam Lee |
nominated for series |
|
Ubuntu Trusty |
|
| 2015-06-01 13:16:30 |
Adam Lee |
nominated for series |
|
Ubuntu Vivid |
|
| 2015-06-01 13:16:30 |
Adam Lee |
nominated for series |
|
Ubuntu Utopic |
|
| 2015-06-01 13:23:15 |
Chris J Arges |
bug task added |
|
linux (Ubuntu Trusty) |
|
| 2015-06-01 13:23:19 |
Chris J Arges |
bug task added |
|
linux (Ubuntu Utopic) |
|
| 2015-06-01 13:23:24 |
Chris J Arges |
bug task added |
|
linux (Ubuntu Vivid) |
|
| 2015-06-01 13:27:57 |
Andy Whitcroft |
description |
Bug #1413992 's patch introduced a possible infinite loop.
commit 0d3bba0287d4e284c3ec7d3397e81eec920d5e7e
Author: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Date: Tue Apr 14 11:25:43 2015 +0200
cdc-acm: prevent infinite loop when parsing CDC headers.
Phil and I found out a problem with commit:
7e860a6e7aa6 ("cdc-acm: add sanity checks")
It added some sanity checks to ignore potential garbage in CDC headers but
also introduced a potential infinite loop. This can happen at the first
loop iteration (elength = 0 in that case) if the description isn't a
DT_CS_INTERFACE or later if 'buffer[0]' is zero.
It should also be noted that the wrong length was being added to 'buffer'
in case 'buffer[1]' was not a DT_CS_INTERFACE descriptor, since elength was
assigned after that check in the loop.
A specially crafted USB device could be used to trigger this infinite loop.
Fixes: 7e860a6e7aa6 ("cdc-acm: add sanity checks")
Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
CC: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
CC: Oliver Neukum <oneukum@suse.de>
CC: Adam Lee <adam8157@gmail.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
Bug #1413992 's patch introduced a possible infinite loop.
commit 0d3bba0287d4e284c3ec7d3397e81eec920d5e7e
Author: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Date: Tue Apr 14 11:25:43 2015 +0200
cdc-acm: prevent infinite loop when parsing CDC headers.
Phil and I found out a problem with commit:
7e860a6e7aa6 ("cdc-acm: add sanity checks")
It added some sanity checks to ignore potential garbage in CDC headers but
also introduced a potential infinite loop. This can happen at the first
loop iteration (elength = 0 in that case) if the description isn't a
DT_CS_INTERFACE or later if 'buffer[0]' is zero.
It should also be noted that the wrong length was being added to 'buffer'
in case 'buffer[1]' was not a DT_CS_INTERFACE descriptor, since elength was
assigned after that check in the loop.
A specially crafted USB device could be used to trigger this infinite loop.
Fixes: 7e860a6e7aa6 ("cdc-acm: add sanity checks")
Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
CC: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
CC: Oliver Neukum <oneukum@suse.de>
CC: Adam Lee <adam8157@gmail.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
===
break-fix: 7e860a6e7aa62b337a61110430cd633db5b0d2dd 0d3bba0287d4e284c3ec7d3397e81eec920d5e7e |
|
| 2015-06-01 13:28:05 |
Andy Whitcroft |
tags |
|
kernel-bug-break-fix |
|
| 2015-06-01 13:36:46 |
Andy Whitcroft |
linux (Ubuntu Trusty): status |
New |
Confirmed |
|
| 2015-06-01 13:36:49 |
Andy Whitcroft |
linux (Ubuntu Utopic): status |
New |
Confirmed |
|
| 2015-06-01 13:36:53 |
Andy Whitcroft |
linux (Ubuntu Vivid): status |
New |
Confirmed |
|
| 2015-06-01 13:36:58 |
Andy Whitcroft |
linux (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2015-06-01 14:04:29 |
Adam Lee |
removed subscriber Adam Lee |
|
|
|
| 2015-06-04 21:27:14 |
Andy Whitcroft |
linux (Ubuntu Trusty): status |
Confirmed |
Fix Committed |
|
| 2015-06-04 21:27:19 |
Andy Whitcroft |
linux (Ubuntu Utopic): status |
Confirmed |
Fix Committed |
|
| 2015-06-04 21:27:22 |
Andy Whitcroft |
linux (Ubuntu Vivid): status |
Confirmed |
Fix Committed |
|
| 2015-06-05 07:46:07 |
Adam Lee |
linux (Ubuntu Trusty): importance |
Undecided |
High |
|
| 2015-06-05 07:46:09 |
Adam Lee |
linux (Ubuntu Utopic): importance |
Undecided |
High |
|
| 2015-06-05 07:46:10 |
Adam Lee |
linux (Ubuntu Vivid): importance |
Undecided |
High |
|
| 2015-06-05 07:46:13 |
Adam Lee |
linux (Ubuntu Trusty): assignee |
|
Adam Lee (adam8157) |
|
| 2015-06-05 07:46:14 |
Adam Lee |
linux (Ubuntu Utopic): assignee |
|
Adam Lee (adam8157) |
|
| 2015-06-05 07:46:16 |
Adam Lee |
linux (Ubuntu Vivid): assignee |
|
Adam Lee (adam8157) |
|
| 2015-06-18 21:19:13 |
Launchpad Janitor |
linux (Ubuntu): status |
Fix Committed |
Fix Released |
|
| 2015-06-18 21:19:13 |
Launchpad Janitor |
cve linked |
|
2015-1420 |
|
| 2015-06-18 21:19:13 |
Launchpad Janitor |
cve linked |
|
2015-4001 |
|
| 2015-06-18 21:19:13 |
Launchpad Janitor |
cve linked |
|
2015-4002 |
|
| 2015-06-18 21:19:13 |
Launchpad Janitor |
cve linked |
|
2015-4003 |
|
| 2015-06-19 01:51:57 |
Adam Lee |
linux (Ubuntu Vivid): status |
Fix Committed |
Fix Released |
|
| 2015-06-21 13:53:46 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/linux-lts-vivid |
|
| 2015-06-24 09:37:06 |
Luis Henriques |
tags |
kernel-bug-break-fix |
kernel-bug-break-fix verification-needed-trusty verification-needed-utopic verification-needed-vivid |
|
| 2015-06-24 10:08:20 |
Adam Lee |
tags |
kernel-bug-break-fix verification-needed-trusty verification-needed-utopic verification-needed-vivid |
kernel-bug-break-fix verification-done-trusty verification-done-utopic verification-done-vivid |
|
| 2015-07-06 15:46:53 |
Launchpad Janitor |
linux (Ubuntu Utopic): status |
Fix Committed |
Fix Released |
|
| 2015-07-06 15:46:53 |
Launchpad Janitor |
cve linked |
|
2015-4167 |
|
| 2015-07-06 15:48:15 |
Launchpad Janitor |
linux (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
| 2015-07-06 15:48:15 |
Launchpad Janitor |
cve linked |
|
2014-9710 |
|
| 2015-07-23 15:22:04 |
Andy Whitcroft |
tags |
kernel-bug-break-fix verification-done-trusty verification-done-utopic verification-done-vivid |
verification-done-trusty verification-done-utopic verification-done-vivid |
|
