On Wed, Sep 4, 2013 at 6:37 PM, Kees Cook <[email protected]> wrote: > This driver must validate the availability of the HID output report and > its size before it can write LED states via buzz_set_leds(). This stops > a heap overflow that is possible if a device provides a malicious HID > output report: > > [ 108.171280] usb 1-1: New USB device found, idVendor=054c, idProduct=0002 > ... > [ 117.507877] BUG kmalloc-192 (Not tainted): Redzone overwritten > > CVE-2013-2890 > > Signed-off-by: Kees Cook <[email protected]> > Cc: [email protected] > ---
The tests shows that the device is still working with the fix :) Reviewed-by: Benjamin Tissoires <[email protected]> Cheers, Benjamin -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
