From ec24f6a1f8257662def1acf7182775cad47c73f6 Mon Sep 17 00:00:00 2001 From: gordon Date: Tue, 15 Sep 2020 21:42:05 +0000 Subject: [PATCH] Fix ure device driver susceptible to packet-in-packet attack. Approved by: so Approved by: re (implicit for releng/12.2) Security: FreeBSD-SA-20:27.ure Security: CVE-2020-7464 --- sys/dev/usb/net/if_ure.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/net/if_ure.c b/sys/dev/usb/net/if_ure.c index 9d7f47a576e..0d4032e4186 100644 --- a/sys/dev/usb/net/if_ure.c +++ b/sys/dev/usb/net/if_ure.c @@ -710,7 +710,9 @@ ure_init(struct usb_ether *ue) ~URE_RXDY_GATED_EN); /* Set Rx mode. */ - rxmode = URE_RCR_APM; + rxmode = ure_read_4(sc, URE_PLA_RCR, URE_MCU_TYPE_PLA); + rxmode &= ~URE_RCR_ACPT_ALL; + rxmode |= URE_RCR_APM; /* If we want promiscuous mode, set the allframes bit. */ if (ifp->if_flags & IFF_PROMISC) -- 2.45.0