On 12/09/13 14:39, Josh Boyer wrote: > On Wed, Sep 11, 2013 at 3:56 PM, Benjamin Tissoires > <benjamin.tissoires@xxxxxxxxxx> wrote: >> From: Kees Cook <keescook@xxxxxxxxxxxx> >> >> This driver must validate the availability of the HID output report and >> its size before it can write LED states via buzz_set_leds(). This stops >> a heap overflow that is possible if a device provides a malicious HID >> output report: >> >> [ 108.171280] usb 1-1: New USB device found, idVendor=054c, idProduct=0002 >> ... >> [ 117.507877] BUG kmalloc-192 (Not tainted): Redzone overwritten >> >> CVE-2013-2890 >> >> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> >> Cc: stable@xxxxxxxxxxxxxxx >> Reviewed-by: Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx> > > As far as I know, this should be Cc: stable@xxxxxxxxxxxxxxx #3.11, correct? > Yep, for this one, only 3.11 is impacted. Thanks Josh. And sorry for being to lazy to have added the proper tags :( Cheers, Benjamin -- To unsubscribe from this list: send the line "unsubscribe linux-input" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
