On 12/4/22 21:36, Szymon Heidrich wrote:
Hi,
sorry for the delays.
diff --git a/drivers/usb/gadget/rndis.c b/drivers/usb/gadget/rndis.c
index 13c327ea38..3948f2cc9a 100644
--- a/drivers/usb/gadget/rndis.c
+++ b/drivers/usb/gadget/rndis.c
@@ -855,14 +855,17 @@ static int rndis_set_response(int
On 04/12/2022 20:12, Marek Vasut wrote:
> On 12/3/22 15:59, Szymon Heidrich wrote:
>> On 20/11/2022 16:02, Fabio Estevam wrote:
>>> Szymon,
>>>
>>> On Thu, Nov 17, 2022 at 4:46 PM Szymon Heidrich
>>> wrote:
Prevent access to arbitrary memory locations in gen_ndis_set_resp
via
On 12/3/22 15:59, Szymon Heidrich wrote:
On 20/11/2022 16:02, Fabio Estevam wrote:
Szymon,
On Thu, Nov 17, 2022 at 4:46 PM Szymon Heidrich
wrote:
Prevent access to arbitrary memory locations in gen_ndis_set_resp
via manipulation of buf->InformationBufferOffset. Lack of validation
of
On 20/11/2022 16:02, Fabio Estevam wrote:
> Szymon,
>
> On Thu, Nov 17, 2022 at 4:46 PM Szymon Heidrich
> wrote:
>>
>> Prevent access to arbitrary memory locations in gen_ndis_set_resp
>> via manipulation of buf->InformationBufferOffset. Lack of validation
>> of BufOffset could be exploited to
Szymon,
On Thu, Nov 17, 2022 at 4:46 PM Szymon Heidrich
wrote:
>
> Prevent access to arbitrary memory locations in gen_ndis_set_resp
> via manipulation of buf->InformationBufferOffset. Lack of validation
> of BufOffset could be exploited to dump arbitrary memory contents
> via NDIS packet
Prevent access to arbitrary memory locations in gen_ndis_set_resp
via manipulation of buf->InformationBufferOffset. Lack of validation
of BufOffset could be exploited to dump arbitrary memory contents
via NDIS packet filter.
Signed-off-by: Szymon Heidrich
---
drivers/usb/gadget/rndis.c | 9
6 matches
Mail list logo