1. Patchew
  2. linux
  3. View series

[PATCH 0/2] usb: storage: Fix memory leak in USB bulk transport

Desnes Nunes posted 2 patches 1 month, 2 weeks ago
There is a newer version of this series
drivers/usb/storage/transport.c | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
[PATCH 0/2] usb: storage: Fix memory leak in USB bulk transport
Posted by Desnes Nunes 1 month, 2 weeks ago 
This series mainly fixes an usb storage memory leak that was identified by
the LTP ioctl_sg01 test. In short, a big enough SG_IO request can trick a
device into sending a CSW status during the data phase, which will in turn
leak USB protocol data to user-space. Differently from the big leak that
also started with the US_BULK_CS_SIGN from CVE-2018-1000204, this only
happens after the allocation of sg pages for the srb transfer-buffer.

Desnes Nunes (2):
  usb: storage: Fix memory leak in USB bulk transport
  usb: storage: rearrange triple nested CSW data phase check

 drivers/usb/storage/transport.c | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

-- 
2.50.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.