Commit 7b0f997a authored by Johan Hovold's avatar Johan Hovold Committed by Liu Shixin
Browse files

comedi: vmk80xx: fix bulk-buffer overflow 

stable inclusion
from stable-v4.19.217
commit 063f576c43d589a4c153554b681d32b3f8317c7b
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9RD4V
CVE: CVE-2021-47474

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=063f576c43d589a4c153554b681d32b3f8317c7b



--------------------------------

commit 78cdfd62 upstream.

The driver is using endpoint-sized buffers but must not assume that the
tx and rx buffers are of equal size or a malicious device could overflow
the slab-allocated receive buffer when doing bulk transfers.

Fixes: 985cafcc ("Staging: Comedi: vmk80xx: Add k8061 support")
Cc: stable@vger.kernel.org      # 2.6.31
Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
Reviewed-by: default avatarIan Abbott <abbotti@mev.co.uk>
Link: https://lore.kernel.org/r/20211025114532.4599-5-johan@kernel.org


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarLiu Shixin <liushixin2@huawei.com>
parent 6a985437
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment