On Thu, Sep 21, 2017 at 4:07 PM, Greg Kroah-Hartman
wrote:
> On Thu, Sep 21, 2017 at 03:51:44PM +0200, Andrey Konovalov wrote:
>> On Thu, Sep 21, 2017 at 10:04 AM, Greg Kroah-Hartman
>> wrote:
>> > On Thu, Sep 21, 2017 at 09:31:54AM +0200,
On Thu, Sep 21, 2017 at 03:51:44PM +0200, Andrey Konovalov wrote:
> On Thu, Sep 21, 2017 at 10:04 AM, Greg Kroah-Hartman
> wrote:
> > On Thu, Sep 21, 2017 at 09:31:54AM +0200, Greg Kroah-Hartman wrote:
> >> On Wed, Sep 20, 2017 at 04:45:08PM +0200, Andrey Konovalov
On Thu, Sep 21, 2017 at 10:04 AM, Greg Kroah-Hartman
wrote:
> On Thu, Sep 21, 2017 at 09:31:54AM +0200, Greg Kroah-Hartman wrote:
>> On Wed, Sep 20, 2017 at 04:45:08PM +0200, Andrey Konovalov wrote:
>> > Hi!
>> >
>> > I've got the following crash while fuzzing the
On Thu, Sep 21, 2017 at 09:31:54AM +0200, Greg Kroah-Hartman wrote:
> On Wed, Sep 20, 2017 at 04:45:08PM +0200, Andrey Konovalov wrote:
> > Hi!
> >
> > I've got the following crash while fuzzing the kernel with syzkaller.
> >
> > On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
> >
On Wed, Sep 20, 2017 at 04:45:08PM +0200, Andrey Konovalov wrote:
> Hi!
>
> I've got the following crash while fuzzing the kernel with syzkaller.
>
> On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
>
> It looks like cdc_parse_cdc_header() doesn't validate buflen before
> accessing
Hi!
I've got the following crash while fuzzing the kernel with syzkaller.
On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18).
It looks like cdc_parse_cdc_header() doesn't validate buflen before
accessing buffer[1], buffer[2] and so on. The only check present is
while (buflen > 0).