| Message ID | 20230731160052.15908-2-yuxuan.luo@canonical.com |
|---|---|
| State | New |
| Headers | show
Return-Path: <kernel-team-bounces@lists.ubuntu.com> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=sgThoSl7; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4RF2z90VBDz1yZD for <incoming@patchwork.ozlabs.org>; Tue, 1 Aug 2023 02:01:09 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from <kernel-team-bounces@lists.ubuntu.com>) id 1qQVKP-0002y8-CG; Mon, 31 Jul 2023 16:01:01 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from <yuxuan.luo@canonical.com>) id 1qQVKN-0002vk-Uy for kernel-team@lists.ubuntu.com; Mon, 31 Jul 2023 16:00:59 +0000 Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com [209.85.222.197]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id B5E6C3F723 for <kernel-team@lists.ubuntu.com>; Mon, 31 Jul 2023 16:00:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1690819258; bh=doU3TRjSQRVaq7aEATV4RBgW/ZATSAz95XcsNt4DrJk=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=sgThoSl7jQ2B2tN+SI/lGrcrbpGGYVkJqZJa/syMeuzgTmupM4kk/FR+gcnxv4u0t JdQSGxD0O9wqNZd+jFHmlYxrAomYefnCraXdKkwvfe8ZNoo/jAgaacndd9kHu/MYts AvmNQtwdvXPZH0900gZj7Hn+iF9krbx4y2pF2HTpoA98R68bIDL3dnQPL6RS0dE5iU iVSOiF+uTbPeEApqG8jp88k1NN5nnI3zOOStWx5EyPCqQmcAhNzvbeKfQCGIkddaVS 1emVZA/YkVNAClh9luokFPs8Wyz/x0EMr6iMmobooVJ796KH4Xa8wLJ6rP3JP1uOvS BXtNJDu3ZMigw== Received: by mail-qk1-f197.google.com with SMTP id af79cd13be357-76c7e6b9e16so229950585a.1 for <kernel-team@lists.ubuntu.com>; Mon, 31 Jul 2023 09:00:58 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690819257; x=1691424057; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=doU3TRjSQRVaq7aEATV4RBgW/ZATSAz95XcsNt4DrJk=; b=a55KTaYkrNWmB5/723x1CFPwKioqelIi7J6lHNLi+2E2RKg2d9U/bQs+VeMDeoAOPE Pl5zRFVWXXckAdFRnj2ydlZlW5O9/pjuvvOvizrql8Ob5W1X4VtB6M+bCyVVhzxq8iA1 dGzCa4U+iPQMT2IgWWebcYZNvJ+vlbQtzFujY63FYY99mXoEb8Y184qH3GSWokkHaag0 SUptV9MjQC8fzjjcuthnxRms10kbZmAIwH3zDL4qtivuxoPKjCLc3GkU3/B9hnGO2uTD 62KQTepPro0JFzFZUrHYfjxmeeFUxZLCJFyCaJkwQL2xl1f6Z/B/a3SIhfRmQzRESXBC Ae+Q== X-Gm-Message-State: ABy/qLYuNGLF3N4fZ/4XA3jKXxAOf90dZcw3CmA5sZPWMmIg3GV45J14 +7KtlGzpC7Kr9+w4qkogTvCEGZhvguiiLDjzO9L/lJrjNpgZwWD823tAIvrhe2NiLwvOZf9XB/X PNLLX3Gc1dSmxSLH9c+4ytBWbM/Ps0Wi1WwlpMdtAtUlzMlk34g== X-Received: by 2002:a05:620a:294e:b0:765:3ca0:3708 with SMTP id n14-20020a05620a294e00b007653ca03708mr8893530qkp.75.1690819257159; Mon, 31 Jul 2023 09:00:57 -0700 (PDT) X-Google-Smtp-Source: APBJJlEEN9bf22hfs9OUXwd/kzhMqPXBnUzOmIlWPqf0tjd0++sLLoh8u4q8UhIs6KsbcfsIFBHFag== X-Received: by 2002:a05:620a:294e:b0:765:3ca0:3708 with SMTP id n14-20020a05620a294e00b007653ca03708mr8893496qkp.75.1690819256633; Mon, 31 Jul 2023 09:00:56 -0700 (PDT) Received: from cache-ubuntu.hsd1.nj.comcast.net ([2601:86:200:98b0:efbf:72b2:3777:4551]) by smtp.gmail.com with ESMTPSA id o9-20020a05620a110900b0076c84240467sm2617047qkk.52.2023.07.31.09.00.56 for <kernel-team@lists.ubuntu.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Jul 2023 09:00:56 -0700 (PDT) From: Yuxuan Luo <yuxuan.luo@canonical.com> To: kernel-team@lists.ubuntu.com Subject: [SRU][Jammy-OEM-5.17/OEM-6.0][PATCH 1/1] media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() Date: Mon, 31 Jul 2023 12:00:52 -0400 Message-Id: <20230731160052.15908-2-yuxuan.luo@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230731160052.15908-1-yuxuan.luo@canonical.com> References: <20230731160052.15908-1-yuxuan.luo@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com> List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>, <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe> List-Archive: <https://lists.ubuntu.com/archives/kernel-team> List-Post: <mailto:kernel-team@lists.ubuntu.com> List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help> List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>, <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com> |
| Series |
CVE-2023-28328
|
expand
|
diff --git a/drivers/media/usb/dvb-usb/az6027.c b/drivers/media/usb/dvb-usb/az6027.c index 86788771175b..32b4ee65c280 100644 --- a/drivers/media/usb/dvb-usb/az6027.c +++ b/drivers/media/usb/dvb-usb/az6027.c @@ -975,6 +975,10 @@ static int az6027_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg msg[], int n if (msg[i].addr == 0x99) { req = 0xBE; index = 0; + if (msg[i].len < 1) { + i = -EOPNOTSUPP; + break; + } value = msg[i].buf[0] & 0x00ff; length = 1; az6027_usb_out_op(d, req, value, index, data, length);