Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / c8abb82ed8cd98eece6966cb01b82d47a1e8f9cb
commitc8abb82ed8cd98eece6966cb01b82d47a1e8f9cb[log] [tgz]
authorKees Cook <keescook@chromium.org>Wed Aug 28 22:31:52 2013 +0200
committerchrmhoffmann <chrmhoffmann@gmail.com>Sun Apr 05 10:19:12 2020 +0200
treeacd110f21a6f45a64e9e3a974745eef20a374336
parentc5bbae64565973fec076d0f48f70357e0a2721bf [diff]
HID: picolcd_core: validate output report details

commit 1e87a2456b0227ca4ab881e19a11bb99d164e792 upstream.

A HID device could send a malicious output report that would cause the
picolcd HID driver to trigger a NULL dereference during attr file writing.

[jkosina@suse.cz: changed

	report->maxfield < 1

to

	report->maxfield != 1

as suggested by Bruno].

CVE-2013-2899

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@kernel.org
Reviewed-by: Bruno Prémont <bonbons@linux-vserver.org>
Acked-by: Bruno Prémont <bonbons@linux-vserver.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
[Kefeng: backported to stable 3.4: adjust filename]
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: acd110f21a6f45a64e9e3a974745eef20a374336
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS