References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

In the Linux kernel, the following vulnerability has been resolved:

net: asix: add proper error handling of usb read errors

Syzbot once again hit uninit value in asix driver. The problem still the
same -- asix_read_cmd() reads less bytes, than was requested by caller.

Since all read requests are performed via asix_read_cmd() let's catch
usb related error there and add __must_check notation to be sure all
callers actually check return value.

So, this patch adds sanity check inside asix_read_c

https://git.kernel.org/stable/c/662ff765470ad0d11a1153d6d8e99d69a98e60b4

https://git.kernel.org/stable/c/920a9fa27e7805499cfe78491b36fed2322c02ec

https://git.kernel.org/stable/c/9ea8d2fca8fea3b17005b4dc02f8ef15f7a2fb97

https://git.kernel.org/stable/c/b96a7265f763b37ff3138b9ca8122a950f13b00e