Headline
CVE-2018-16276: USB: yurex: fix out-of-bounds uaccess in read handler · torvalds/linux@f1e255d
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
Permalink
Browse files
USB: yurex: fix out-of-bounds uaccess in read handler
In general, accessing userspace memory beyond the length of the supplied buffer in VFS read/write handlers can lead to both kernel memory corruption (via kernel_read()/kernel_write(), which can e.g. be triggered via sys_splice()) and privilege escalation inside userspace.
Fix it by using simple_read_from_buffer() instead of custom logic.
Fixes: 6bc235a (“USB: add driver for Meywa-Denki & Kayac YUREX”) Signed-off-by: Jann Horn [email protected] Cc: stable [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]
- Loading branch information