On Wed, Sep 4, 2013 at 6:37 PM, Kees Cook <[email protected]> wrote: > A HID device could send a malicious output report that would cause the > lg, lg3, and lg4 HID drivers to write beyond the output report allocation > during an event, causing a heap overflow: > > [ 325.245240] usb 1-1: New USB device found, idVendor=046d, idProduct=c287 > ... > [ 414.518960] BUG kmalloc-4096 (Not tainted): Redzone overwritten > > Additionally, while lg2 did correctly validate the report details, it was > cleaned up and shortened. > > CVE-2013-2893 > > Signed-off-by: Kees Cook <[email protected]> > Cc: [email protected] > ---
To me, the patch looks good. Reviewed-by: Benjamin Tissoires <[email protected]> Cheers, Benjamin -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
