alistair23-linux/drivers
Rustam Kovhaev c570a3d660 staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
commit fea22e159d upstream.

let's use usb_find_common_endpoints() to discover endpoints, it does all
necessary checks for type and xfer direction

remove memset() in hfa384x_create(), because we now assign endpoints in
prism2sta_probe_usb() and because create_wlan() uses kzalloc() to
allocate hfa384x struct before calling hfa384x_create()

Fixes: faaff97656 ("staging: wlan-ng: properly check endpoint types")
Reported-and-tested-by: syzbot+22794221ab96b0bab53a@syzkaller.appspotmail.com
Link: https://syzkaller.appspot.com/bug?extid=22794221ab96b0bab53a
Signed-off-by: Rustam Kovhaev <rkovhaev@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200804145614.104320-1-rkovhaev@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-09-17 13:47:51 +02:00
..
accessibility
acpi ACPICA: Do not increment operation_region reference counts for field units 2020-08-19 08:16:05 +02:00
amba
android binder: Prevent context manager from incrementing ref 0 2020-08-11 15:33:35 +02:00
ata libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks 2020-09-09 19:12:34 +02:00
atm firestream: Fix memleak in fs_open 2020-09-17 13:47:45 +02:00
auxdisplay
base device property: Fix the secondary firmware node handling in set_primary_fwnode() 2020-09-03 11:27:05 +02:00
bcma
block nbd: restore default timeout when setting it to zero 2020-09-09 19:12:22 +02:00
bluetooth Bluetooth: hci_serdev: Only unregister device if it was registered 2020-08-19 08:16:16 +02:00
bus bus: ti-sysc: Add missing quirk flags for usb_host_hs 2020-08-19 08:16:00 +02:00
cdrom
char tpm: Unify the mismatching TPM space buffer sizes 2020-08-19 08:16:27 +02:00
clk clk: bcm2835: Do not use prediv with bcm2711's PLLs 2020-08-21 13:05:35 +02:00
clocksource arm64: arch_timer: Disable the compat vdso for cores affected by ARM64_WORKAROUND_1418040 2020-07-22 09:32:51 +02:00
connector
counter counter: 104-quad-8: Add lock guards - generic interface 2020-05-02 08:48:44 +02:00
cpufreq cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled 2020-09-17 13:47:49 +02:00
cpuidle cpuidle: Fixup IRQ state 2020-09-09 19:12:21 +02:00
crypto crypto: caam - Remove broken arc4 support 2020-08-21 13:05:32 +02:00
dax device-dax: don't leak kernel memory to user space after unloading kmem 2020-05-27 17:46:48 +02:00
dca
devfreq PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent 2020-09-03 11:26:50 +02:00
dio
dma drivers/dma/dma-jz4780: Fix race condition between probe and irq handler 2020-09-17 13:47:46 +02:00
dma-buf dmabuf: use spinlock to access dmabuf->name 2020-07-29 10:18:29 +02:00
edac EDAC/{i7core,sb,pnd2,skx}: Fix error event severity 2020-09-03 11:26:53 +02:00
eisa
extcon extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' 2020-06-24 17:50:36 +02:00
firewire
firmware efi: add missed destroy_workqueue when efisubsys_init fails 2020-08-26 10:41:07 +02:00
fpga fpga: dfl: fix bug in port reset handshake 2020-07-29 10:18:31 +02:00
fsi
gnss gnss: sirf: fix error return code in sirf_probe() 2020-06-22 09:31:20 +02:00
gpio gpio: arizona: put pm_runtime in case of failure 2020-07-29 10:18:26 +02:00
gpu drm/amdgpu: Fix bug in reporting voltage for CIK 2020-09-17 13:47:49 +02:00
greybus
hid HID: elan: Fix memleak in elan_input_configured 2020-09-17 13:47:48 +02:00
hsi
hv Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23) 2020-08-11 15:33:38 +02:00
hwmon hwmon: (applesmc) check status earlier. 2020-09-09 19:12:20 +02:00
hwspinlock
hwtracing coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb() 2020-08-19 08:16:14 +02:00
i2c i2c: rcar: in slave mode, clear NACK earlier 2020-09-03 11:26:55 +02:00
i3c
ide ide: serverworks: potential overflow in svwks_set_pio_mode() 2020-02-24 08:36:53 +01:00
idle
iio iio:accel:mma8452: Fix timestamp alignment and prevent data leak. 2020-09-17 13:47:51 +02:00
infiniband IB/isert: Fix unaligned immediate-data handling 2020-09-17 13:47:44 +02:00
input Input: psmouse - add a newline when printing 'proto' by sysfs 2020-08-26 10:40:55 +02:00
interconnect
iommu iommu/amd: Do not use IOMMUv2 functionality when SME is active 2020-09-17 13:47:49 +02:00
ipack ipack: tpci200: fix error return code in tpci200_register() 2020-05-27 17:46:47 +02:00
irqchip irqchip/stm32-exti: Avoid losing interrupts due to clearing pending bits by mistake 2020-09-03 11:27:06 +02:00
isdn
leds leds: core: Flush scheduled work for system suspend 2020-08-19 08:16:11 +02:00
lightnvm
macintosh macintosh/via-macii: Access autopoll_devs when inside lock 2020-08-19 08:16:15 +02:00
mailbox mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe() 2020-06-24 17:50:36 +02:00
mcb
md dm thin metadata: Fix use-after-free in dm_bm_set_read_only 2020-09-09 19:12:36 +02:00
media media: rc: uevent sysfs file races with rc_unregister_device() 2020-09-09 19:12:34 +02:00
memory
memstick
message scsi: mptscsih: Fix read sense data size 2020-07-16 08:16:36 +02:00
mfd mfd: intel-lpss: Add Intel Tiger Lake PCH-H PCI IDs 2020-09-03 11:26:43 +02:00
misc habanalabs: check correct vmalloc return code 2020-09-09 19:12:21 +02:00
mmc mmc: sdhci-msm: Add retries when all tuning phases are found valid 2020-09-17 13:47:44 +02:00
mtd mtd: rawnand: fsl_upm: Remove unused mtd var 2020-08-21 13:05:30 +02:00
mux
net drivers/net/wan/hdlc_cisco: Add hard_header_len 2020-09-17 13:47:48 +02:00
nfc NFC: st95hf: Fix memleak in st95hf_in_send_cmd 2020-09-17 13:47:45 +02:00
ntb NTB: perf: Fix race condition when run with ntb_test 2020-06-24 17:50:41 +02:00
nubus
nvdimm libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr 2020-08-21 13:05:35 +02:00
nvme nvme-pci: cancel nvme device request before disabling 2020-09-17 13:47:48 +02:00
nvmem nvmem: qfprom: remove incorrect write support 2020-06-10 20:24:57 +02:00
of of: of_mdio: Correct loop scanning logic 2020-07-22 09:32:55 +02:00
opp opp: Enable resources again if they were disabled earlier 2020-08-26 10:40:53 +02:00
oprofile
parisc parisc: mask out enable and reserved bits from sba imask 2020-08-19 08:16:26 +02:00
parport
pci PCI: qcom: Add missing reset for ipq806x 2020-09-03 11:26:53 +02:00
pcmcia
perf drivers/perf: Prevent forced unbinding of PMU drivers 2020-07-29 10:18:40 +02:00
phy phy: armada-38x: fix NETA lockup when repeatedly switching speeds 2020-08-19 08:16:14 +02:00
pinctrl pinctrl: ingenic: Properly detect GPIO direction when configured for IRQ 2020-08-21 13:05:29 +02:00
platform platform/chrome: cros_ec_ishtp: Fix a double-unlock issue 2020-08-21 13:05:30 +02:00
pnp
power power: supply: check if calc_soc succeeded in pm860x_init_battery 2020-08-19 08:16:16 +02:00
powercap
pps
ps3
ptp
pwm pwm: bcm-iproc: handle clk_get_rate() return 2020-08-21 13:05:34 +02:00
rapidio rapidio: fix an error in get_user_pages_fast() error handling 2020-05-27 17:46:48 +02:00
ras
regulator regulator: remove superfluous lock in regulator_resolve_coupling() 2020-09-17 13:47:41 +02:00
remoteproc remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load 2020-08-21 13:05:29 +02:00
reset reset: uniphier: Add SCSSI reset control for each channel 2020-02-24 08:36:41 +01:00
rpmsg
rtc rtc: goldfish: Enable interrupt in set_alarm() when necessary 2020-08-26 10:40:54 +02:00
s390 s390/cio: add cond_resched() in the slow_eval_known_fn() loop 2020-09-03 11:26:59 +02:00
sbus
scsi scsi: mpt3sas: Don't call disable_irq from IRQ poll handler 2020-09-17 13:47:43 +02:00
sfi
sh
siox
slimbus slimbus: core: Fix mismatch in of_node_get/put 2020-07-22 09:33:08 +02:00
soc soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag 2020-08-19 08:15:59 +02:00
soundwire soundwire: fix double free of dangling pointer 2020-09-17 13:47:43 +02:00
spi spi: stm32: fix pm_runtime_get_sync() error checking 2020-09-17 13:47:44 +02:00
spmi spmi: pmic-arb: Set lockdep class for hierarchical irq domains 2020-02-19 19:53:07 +01:00
ssb
staging staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() 2020-09-17 13:47:51 +02:00
target scsi: target: tcmu: Optimize use of flush_dcache_page 2020-09-05 11:22:51 +02:00
tc
tee tee: optee: Fix compilation issue with nommu 2020-02-05 21:22:49 +00:00
thermal thermal: qcom-spmi-temp-alarm: Don't suppress negative temp 2020-09-09 19:12:29 +02:00
thunderbolt thunderbolt: Prevent crash if non-active NVMem file is read 2020-02-28 17:22:13 +01:00
tty tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup 2020-09-09 19:12:20 +02:00
uio uio_pdrv_genirq: fix use without device tree and no interrupt 2020-07-22 09:33:13 +02:00
usb usb: dwc3: gadget: Handle ZLP for sg requests 2020-09-03 11:27:09 +02:00
vfio vfio/pci: Fix SR-IOV VF handling with MMIO blocking 2020-09-09 19:12:36 +02:00
vhost vhost/scsi: fix up req type endian-ness 2020-08-05 09:59:42 +02:00
video fbmem: pull fbcon_update_vcs() out of fb_set_var() 2020-09-03 11:27:09 +02:00
virt virt: vbox: Fix guest capabilities mask check 2020-07-22 09:33:11 +02:00
virtio virtio_ring: Avoid loop when vq is broken in virtqueue_poll 2020-08-26 10:40:57 +02:00
visorbus visorbus: fix uninitialized variable access 2020-02-24 08:36:47 +01:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-24 08:36:48 +01:00
w1 w1: omap-hdq: cleanup to add missing newline for some dev_dbg 2020-06-22 09:31:26 +02:00
watchdog watchdog: initialize device before misc_register 2020-08-21 13:05:36 +02:00
xen xen/xenbus: Fix granting of vmalloc'd memory 2020-09-09 19:12:22 +02:00
zorro
Kconfig
Makefile