This Linux kernel change "ISDN: hfcsusb: checking idx of ep configuration" is included in the Linux 4.14.136 release. This change is authored by Phong Tran <tranmanphong [at] gmail.com> on Mon Jul 15 22:08:14 2019 +0700. The commit for this change in Linux stable tree is b05c76b (patch) which is from upstream commit f384e62. The same Linux upstream change may have been applied to various maintained Linux releases and you can find all Linux releases containing changes from upstream f384e62.
ISDN: hfcsusb: checking idx of ep configuration commit f384e62a82ba5d85408405fdd6aeff89354deaa9 upstream. The syzbot test with random endpoint address which made the idx is overflow in the table of endpoint configuations. this adds the checking for fixing the error report from syzbot KASAN: stack-out-of-bounds Read in hfcsusb_probe  The patch tested by syzbot  Reported-by: firstname.lastname@example.org : https://syzkaller.appspot.com/bug?id=30a04378dac680c5d521304a00a86156bb913522 : https://groups.google.com/d/msg/syzkaller-bugs/_6HBdge8F3E/OJn7wVNpBAAJ Signed-off-by: Phong Tran <email@example.com> Signed-off-by: David S. Miller <firstname.lastname@example.org> Signed-off-by: Greg Kroah-Hartman <email@example.com>
There are 3 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.
drivers/isdn/hardware/mISDN/hfcsusb.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c index 17cc879..35983c7 100644 --- a/drivers/isdn/hardware/mISDN/hfcsusb.c +++ b/drivers/isdn/hardware/mISDN/hfcsusb.c @@ -1963,6 +1963,9 @@ static int write_reg(struct hfcsusb *hw, __u8 reg, __u8 val) /* get endpoint base */ idx = ((ep_addr & 0x7f) - 1) * 2; + if (idx > 15) + return -EIO; + if (ep_addr & 0x80) idx++; attr = ep->desc.bmAttributes;