On Tue, Sep 15, 2020 at 11:52:57PM +0530, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> Hello,
>
> * While servicing transfer descriptors(TD) in ohci_service[_iso]_td
> routines, it may lead to out-of-bounds access and/or infinite loop
> issues, as the OHCI controller driver may supply malicious values
> to derive frame_number, start_addr, end_addr etc. variables.
>
> * This series breaks earlier single patch into two.
> One for an out-of-bounds access issue and another to fix infinite
> loop case.
> -> https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05145.html
Added to usb patch queue.
thanks,
Gerd