Wind River Support Network

Description

In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]usb: storage: Fix memory leak in USB bulk transport[EOL][EOL]A kernel memory leak was identified by the 'ioctl_sg01' test from Linux[EOL]Test Project (LTP). The following bytes were mainly observed: 0x53425355.[EOL][EOL]When USB storage devices incorrectly skip the data phase with status data,[EOL]the code extracts/validates the CSW from the sg buffer, but fails to clear[EOL]it afterwards. This leaves status protocol data in srb's transfer buffer,[EOL]such as the US_BULK_CS_SIGN 'USBS' signature observed here. Thus, this can[EOL]lead to USB protocols leaks to user space through SCSI generic (/dev/sg*)[EOL]interfaces, such as the one seen here when the LTP test requested 512 KiB.[EOL][EOL]Fix the leak by zeroing the CSW data in srb's transfer buffer immediately[EOL]after the validation of devices that skip data phase.[EOL][EOL]Note: Differently from CVE-2018-1000204, which fixed a big leak by zero-[EOL]ing pages at allocation time, this leak occurs after allocation, when USB[EOL]protocol data is written to already-allocated sg pages.