averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-04-03 12:05:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0da170b9e600da6930cfb8352e4cc036db3b6159
linux-stable-mirror/sound/firewire
History
Junrui Luo c0a1fe1902 ALSA: dice: fix buffer overflow in detect_stream_formats() 
commit 324f3e03e8 upstream.

The function detect_stream_formats() reads the stream_count value directly
from a FireWire device without validating it. This can lead to
out-of-bounds writes when a malicious device provides a stream_count value
greater than MAX_STREAMS.

Fix by applying the same validation to both TX and RX stream counts in
detect_stream_formats().

Reported-by: Yuhao Jiang <danisjiang@gmail.com>
Reported-by: Junrui Luo <moonafterrain@outlook.com>
Fixes: 58579c056c ("ALSA: dice: use extended protocol to detect available stream formats")
Cc: stable@vger.kernel.org
Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Junrui Luo <moonafterrain@outlook.com>
Link: https://patch.msgid.link/SYBPR01MB7881B043FC68B4C0DA40B73DAFDCA@SYBPR01MB7881.ausprd01.prod.outlook.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-12-18 13:55:23 +01:00
..
bebob
dice
ALSA: dice: fix buffer overflow in detect_stream_formats()
2025-12-18 13:55:23 +01:00
digi00x
fireface
fireworks
motu
ALSA: firewire-motu: add bounds check in put_user loop for DSP events
2025-12-18 13:55:20 +01:00
oxfw
tascam
amdtp-am824.c
amdtp-am824.h
amdtp-stream-trace.h
amdtp-stream.c
amdtp-stream.h
cmp.c
cmp.h
fcp.c
fcp.h
isight.c
iso-resources.c
iso-resources.h
Kconfig
lib.c
lib.h
Makefile
packets-buffer.c
packets-buffer.h