Out of bounds access in service_tx_status_request() in musb_gadget_ep0.c

Marek Vasut marex at denx.de
Mon Apr 5 14:34:15 CEST 2021

On 4/5/21 2:38 AM, Heinrich Schuchardt wrote:
> Hello Marek,


> &musb->endpoints[epnum].ep_out may be accessed out of bounds if a device
> sends a malformed message with ctrlrequest->wIndex = 0x10.


> The Linux code avoids this issue.

Please send a fix, thanks.

More information about the U-Boot mailing list