FPII-2528 : Information disclosure vulnerability in kernel components CVE-2016-7915 A-30951261
In the hid_input_field function, there is a potential for an out-of-bounds read.
The fix is designed to add additional bounds checks to prevent the potential out-of-bounds read.
Change-Id: Idbb5466e9163e5ebb69d9d64729206ad5e7dedce
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 4da66b4..8e7b22e 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -921,6 +921,7 @@
/* Ignore report if ErrorRollOver */
if (!(field->flags & HID_MAIN_ITEM_VARIABLE) &&
value[n] >= min && value[n] <= max &&
+ value[n] - min < field->maxusage &&
field->usage[value[n] - min].hid == HID_UP_KEYBOARD + 1)
goto exit;
}
@@ -933,11 +934,13 @@
}
if (field->value[n] >= min && field->value[n] <= max
+ && field->value[n] - min < field->maxusage
&& field->usage[field->value[n] - min].hid
&& search(value, field->value[n], count))
hid_process_event(hid, field, &field->usage[field->value[n] - min], 0, interrupt);
if (value[n] >= min && value[n] <= max
+ && value[n] - min < field->maxusage
&& field->usage[value[n] - min].hid
&& search(field->value, value[n], count))
hid_process_event(hid, field, &field->usage[value[n] - min], 1, interrupt);