On Wed, Sep 4, 2013 at 6:37 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > This driver must validate the availability of the HID output report and > its size before it can write LED states via buzz_set_leds(). This stops > a heap overflow that is possible if a device provides a malicious HID > output report: > > [ 108.171280] usb 1-1: New USB device found, idVendor=054c, idProduct=0002 > ... > [ 117.507877] BUG kmalloc-192 (Not tainted): Redzone overwritten > > CVE-2013-2890 > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > Cc: stable@xxxxxxxxxx > --- The tests shows that the device is still working with the fix :) Reviewed-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx> Cheers, Benjamin -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
