2024-08-07 15:14:25
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string s could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == n) followed closely by an OOB write in the form `str[0 - 1] = 0`. There is already a validating check to catch strings that are too long. Lets supply an additional check for invalid strings that are too short.