Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2023-54110

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
24/12/2025
Last modified:
24/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: rndis_host: Secure rndis_query check against int overflow

Variables off and len typed as uint32 in rndis_query function are controlled by incoming RNDIS response message thus their value may be manipulated. Setting off to an unexpectedly large value will cause the sum with len and 8 to overflow and pass the implemented validation step. Consequently the response pointer will be referring to a location past the expected buffer boundaries allowing information leakage e.g. via RNDIS_OID_802_3_PERMANENT_ADDRESS OID.
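
The following is an added illustration, not the kernel's code or its patch: a user-space C model of the bounds check described above, showing a wrapping 32-bit sum beside a form that never adds the untrusted values. The function names, the buffer size, the sample values and the exact shape of the comparison are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the "8" in the description is a fixed number of bytes that
 * precede the region the offset is measured from. */
#define HDR_BYTES 8u

/* Overflow-prone form: off and len come from the device, and their 32-bit
 * sum with 8 can wrap around to a small value that looks in-bounds. */
static bool range_ok_wrapping(uint32_t off, uint32_t len, uint32_t buflen)
{
    return (uint32_t)(HDR_BYTES + off + len) <= buflen;
}

/* Hardened form: compare each untrusted value against the space that is
 * left, so no addition of untrusted values ever takes place. */
static bool range_ok_checked(uint32_t off, uint32_t len, uint32_t buflen)
{
    if (buflen < HDR_BYTES)
        return false;
    uint32_t room = buflen - HDR_BYTES;   /* bytes available after the header */
    if (off > room)
        return false;
    return len <= room - off;             /* cannot underflow: off <= room */
}

int main(void)
{
    const uint32_t buflen = 1025;         /* constructed buffer size */
    const struct { uint32_t off, len; } cases[] = {
        { 16u, 6u },                      /* well-formed response */
        { 2000u, 6u },                    /* too large, no wrap: both reject */
        { 0xFFFFFFF8u, 6u },              /* 8 + off + len wraps to 6 */
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("off=0x%08x len=%u wrapping=%d checked=%d\n",
               (unsigned)cases[i].off, (unsigned)cases[i].len,
               range_ok_wrapping(cases[i].off, cases[i].len, buflen),
               range_ok_checked(cases[i].off, cases[i].len, buflen));
    return 0;
}
```

Only the third case separates the two checks: the wrapping sum accepts it, while the subtraction-based form rejects it because off alone already exceeds the remaining space.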

Impact