tmakin/tegra-linux-noble
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

usb: gadget: aspeed_udc: validate endpoint index for ast udc

Browse Source 
BugLink: https://bugs.launchpad.net/bugs/2085849

[ Upstream commit ee0d382feb44ec0f445e2ad63786cd7f3f6a8199 ]

We should verify the bound of the array to assure that host
may not manipulate the index to point past endpoint array.

Found by static analysis.

Signed-off-by: Ma Ke <make24@iscas.ac.cn>
Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Acked-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Link: https://lore.kernel.org/r/20240625022306.2568122-1-make24@iscas.ac.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
CVE-2024-46836
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
This commit is contained in:
Ma Ke
2024-06-25 10:23:06 +08:00
committed by Mehmet Basaran
parent a72d8dc47d
commit 809b3e7c26
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
drivers/usb/gadget/udc/aspeed_udc.c
+2
View File
@@ -1009,6 +1009,8 @@ static void ast_udc_getstatus(struct ast_udc_dev *udc)
break;
case USB_RECIP_ENDPOINT:
epnum = crq.wIndex & USB_ENDPOINT_NUMBER_MASK;
if (epnum >= AST_UDC_NUM_ENDPOINTS)
goto stall;
status = udc->ep[epnum].stopped;
break;
default: