On Wed, Sep 4, 2013 at 6:37 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > A HID device could send a malicious output report that would cause the > lg, lg3, and lg4 HID drivers to write beyond the output report allocation > during an event, causing a heap overflow: > > [ 325.245240] usb 1-1: New USB device found, idVendor=046d, idProduct=c287 > ... > [ 414.518960] BUG kmalloc-4096 (Not tainted): Redzone overwritten > > Additionally, while lg2 did correctly validate the report details, it was > cleaned up and shortened. > > CVE-2013-2893 > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > Cc: stable@xxxxxxxxxx > --- To me, the patch looks good. Reviewed-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx> Cheers, Benjamin -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
