1
linux/drivers
Josh Boyer 9c6ba45671 Input: powermate - fix oops with malicious USB descriptors
The powermate driver expects at least one valid USB endpoint in its
probe function.  If given malicious descriptors that specify 0 for
the number of endpoints, it will crash.  Validate the number of
endpoints on the interface before using them.

The full report for this issue can be found here:
http://seclists.org/bugtraq/2016/Mar/85

Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2016-03-14 09:36:49 -07:00
..
accessibility
acpi ACPI / property: avoid leaking format string into kobject name 2016-01-08 01:01:41 +01:00
amba
android
ata ata/sata_fsl.c: add ATA_FLAG_NO_LOG_PAGE to blacklist the controller for log page reads 2015-12-07 10:25:57 -05:00
atm
auxdisplay
base Merge branches 'powercap', 'pm-cpufreq' and 'pm-domains' 2015-12-14 22:58:57 +01:00
bcma
block null_blk: use async queue restart helper 2015-12-28 13:07:09 -07:00
bluetooth
bus bus: sunxi-rsb: Fix peripheral IC mapping runtime address 2015-12-22 11:42:30 -08:00
cdrom
char ipmi: move timer init to before irq is setup 2015-12-09 13:13:06 -06:00
clk ARM: SoC fixes for 4.4-rc 2015-12-12 16:43:44 -08:00
clocksource clocksource: Mmio: remove artificial 32bit limitation 2015-12-10 19:37:18 +01:00
connector connector: bump skb->users before callback invocation 2016-01-04 21:46:45 -05:00
cpufreq cpufreq: scpi-cpufreq: signedness bug in scpi_get_dvfs_info() 2015-12-24 02:11:37 +01:00
cpuidle
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-12-05 10:46:44 -08:00
dca
devfreq
dio
dma dmaengine: xgene-dma: Fix double IRQ issue by setting IRQ_DISABLE_UNLAZY flag 2016-01-07 11:09:36 +05:30
dma-buf
edac
eisa
extcon
firewire
firmware firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6 2016-01-08 09:00:54 +01:00
fmc
fpga fpga manager: Fix firmware resource leak on error 2015-11-24 15:25:46 -08:00
gpio Merge branch 'rotary-encoder' into next 2016-03-04 11:32:40 -08:00
gpu Merge branch 'linux-4.4' of git://github.com/skeggsb/linux into drm-fixes 2016-01-07 17:18:45 +10:00
hid USB fixes for 4.4-rc5 2015-12-13 11:58:18 -08:00
hsi
hv
hwmon hwmon: (sht15) Select CONFIG_BITREVERSE 2015-12-18 08:19:52 -08:00
hwspinlock
hwtracing
i2c i2c: rcar: disable runtime PM correctly in slave mode 2015-12-19 12:00:37 +01:00
ide
idle
iio iio: adc: spmi-vadc: add missing of_node_put 2015-11-21 18:24:44 +00:00
infiniband RDMA/ocrdma: Depend on async link events from CNA 2015-12-28 11:45:54 -05:00
input Input: powermate - fix oops with malicious USB descriptors 2016-03-14 09:36:49 -07:00
iommu iommu/dma: Use correct offset in map_sg 2016-01-07 13:36:41 +01:00
ipack
irqchip irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB 2015-12-01 22:50:16 +01:00
isdn ser_gigaset: remove unnecessary kfree() calls from release method 2015-12-15 13:24:21 -05:00
leds
lguest
lightnvm lightnvm: wrong offset in bad blk lun calculation 2015-12-29 08:28:32 -07:00
macintosh
mailbox
mcb
md md: remove check for MD_RECOVERY_NEEDED in action_store. 2015-12-21 11:10:06 +11:00
media media fixes for v4.4-rc6 2015-12-18 15:41:35 -08:00
memory fsl-ifc: add missing include on ARM64 2015-12-16 00:16:58 +01:00
memstick
message
mfd
misc cxl: Set endianess of kernel contexts 2015-12-08 16:57:01 +11:00
mmc
mtd Three last MTD fixes for v4.4. These are all fixes for regressions and bugs 2016-01-06 20:32:08 -08:00
net Driver: Vmxnet3: Fix regression caused by 5738a09 2016-01-06 16:20:13 -05:00
nfc
ntb
nubus
nvdimm
nvme NVMe: IO ending fixes on surprise removal 2015-12-22 10:12:04 -07:00
nvmem
of of/irq: Export of_irq_find_parent again 2015-12-09 09:08:36 -06:00
oprofile
parisc parisc iommu: fix panic due to trying to allocate too large region 2015-12-12 16:07:25 +01:00
parport
pci PCI updates for v4.4: 2016-01-09 14:44:44 -08:00
pcmcia
perf
phy phy: core: Get a refcount to phy in devm_of_phy_get_by_index() 2015-12-07 18:44:02 +05:30
pinctrl pinctrl: bcm2835: Fix initial value for direction_output 2015-12-14 11:31:20 +01:00
platform
pnp
power
powercap powercap / RAPL: fix BIOS lock check 2015-12-12 02:31:11 +01:00
pps
ps3
ptp
pwm
rapidio
ras
regulator
remoteproc remoteproc: fix memory leak of remoteproc ida cache layers 2015-11-26 17:44:28 +02:00
reset
rpmsg
rtc rtc: da9063: fix access ordering error during RTC interrupt at system power on 2015-12-20 13:39:29 +01:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2015-12-22 15:43:18 -08:00
sbus
scsi Merge remote-tracking branch 'mkp-scsi/4.4/scsi-fixes' into fixes 2015-12-28 07:19:58 -08:00
sfi
sh
sn
soc Few Keystone fixes for 4.4-rcx 2015-11-25 23:48:12 +01:00
spi Merge remote-tracking branches 'spi/fix/dspi' and 'spi/fix/spidev' into spi-linus 2015-12-16 13:28:32 +00:00
spmi
ssb
staging Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm 2015-12-17 11:20:13 -08:00
target target/stat: print full t10_wwn.model buffer 2015-11-28 21:23:13 -08:00
tc
thermal imx: thermal: use CPU temperature grade info for thresholds 2015-11-23 16:38:40 -08:00
thunderbolt
tty Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2015-12-25 13:15:23 -08:00
uio
usb USB: fix invalid memory access in hub_activate() 2015-12-18 09:30:34 -08:00
uwb
vfio Revert: "vfio: Include No-IOMMU mode" 2015-12-04 08:38:42 -07:00
vhost vhost: replace % with & on data path 2015-12-07 17:28:10 +02:00
video OMAPDSS: fix timings for VENC to match what omapdrm expects 2015-12-09 12:57:13 +02:00
virt
virtio virtio_ring: shadow available ring flags & index 2015-12-07 17:28:11 +02:00
vlynq
vme
w1
watchdog watchdog: mtk_wdt: Use MODE_KEY when stopping the watchdog 2015-11-23 09:00:09 +01:00
xen xen: bug fixes for 4.4-rc5 2015-12-18 12:24:52 -08:00
zorro
Kconfig
Makefile