References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header

The driver expects to receive a struct gs_host_frame in
gs_usb_receive_bulk_callback().

Use struct_group to describe the header of the struct gs_host_frame and
check that we have at least received the header before accessing any
members of it.

To resubmit the URB, do not dereference the pointer chain
"dev->parent->hf_size_rx" but use "parent->hf_size_rx" instead. Since
"urb->context" contains "parent", it is always defined, while "dev" is not
defined if the URB it too short.

https://git.kernel.org/stable/c/18cbce43363c9f84b90a92d57df341155eee0697

https://git.kernel.org/stable/c/3433680b759646efcacc64fe36aa2e51ae34b8f0

https://git.kernel.org/stable/c/616eee3e895b8ca0028163fcb1dce5e3e9dea322

https://git.kernel.org/stable/c/6fe9f3279f7d2518439a7962c5870c6e9ecbadcf

https://git.kernel.org/stable/c/f31693dc3a584c0ad3937e857b59dbc1a7ed2b87