Commit ec9d264e authored by Edward Adam Davis's avatar Edward Adam Davis Committed by Yipeng Zou
Browse files

USB: usbtmc: prevent kernel-usb-infoleak 

mainline inclusion
from mainline-v6.12-rc1
commit 625fa77151f00c1bd00d34d60d6f2e710b3f9aad
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAVU7U
CVE: CVE-2024-47671

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=625fa77151f00c1bd00d34d60d6f2e710b3f9aad



--------------------------------

The syzbot reported a kernel-usb-infoleak in usbtmc_write,
we need to clear the structure before filling fields.

Fixes: 4ddc645f ("usb: usbtmc: Add ioctl for vendor specific write")
Reported-and-tested-by: default avatar <syzbot+9d34f80f841e948c3fdb@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=9d34f80f841e948c3fdb


Signed-off-by: default avatarEdward Adam Davis <eadavis@qq.com>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/tencent_9649AA6EC56EDECCA8A7D106C792D1C66B06@qq.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent f7c1291d

drivers/usb/class/usbtmc.c

+1 −1
Original line number Diff line number Diff line
@@ -754,7 +754,7 @@ static struct urb *usbtmc_create_urb(void) 
	if (!urb)

		return NULL;



	dmabuf = kmalloc(bufsize, GFP_KERNEL);

	dmabuf = kzalloc(bufsize, GFP_KERNEL);

	if (!dmabuf) {

		usb_free_urb(urb);

		return NULL;