Commit f1e255d6 authored 6 years ago by Jann Horn Committed by Greg Kroah-Hartman 6 years ago

USB: yurex: fix out-of-bounds uaccess in read handler


In general, accessing userspace memory beyond the length of the supplied
buffer in VFS read/write handlers can lead to both kernel memory corruption
(via kernel_read()/kernel_write(), which can e.g. be triggered via
sys_splice()) and privilege escalation inside userspace.

Fix it by using simple_read_from_buffer() instead of custom logic.

Fixes: 6bc235a2 ("USB: add driver for Meywa-Denki & Kayac YUREX")
Signed-off-by: Jann Horn <jannh@google.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent bba57edd

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 6 additions and 17 deletions

Please register or to comment

Admin message

USB: yurex: fix out-of-bounds uaccess in read handler