The driver assumed that es58x_dev->udev->serial could never be NULL.
While this is true on commercially available devices, an attacker
could spoof the device identity providing a NULL USB serial number.
That would trigger a NULL pointer dereference.
Add a check on es58x_dev->udev->serial before accessing it.
Reported-by: yan kang <kangyan91@outlook.com>
Reported-by: yue sun <samsun1006219@gmail.com>
Closes: https://lore.kernel.org/linux-can/SY8P300MB0421E0013C0EBD2AA46BA709A1F42@SY8P300MB0421.AUSP300.PROD.OUTLOOK.COM/
Fixes:
|
||
|---|---|---|
| .. | ||
| etas_es58x | ||
| kvaser_usb | ||
| peak_usb | ||
| Kconfig | ||
| Makefile | ||
| ems_usb.c | ||
| esd_usb.c | ||
| f81604.c | ||
| gs_usb.c | ||
| mcba_usb.c | ||
| ucan.c | ||
| usb_8dev.c | ||