This is a note to let you know that I've just added the patch titled HID: hid-lg4ff: Add check for empty lbuf to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: hid-hid-lg4ff-add-check-for-empty-lbuf.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From d180b6496143cd360c5d5f58ae4b9a8229c1f344 Mon Sep 17 00:00:00 2001 From: Anastasia Belova <abelova@xxxxxxxxxxxxx> Date: Fri, 11 Nov 2022 15:55:11 +0300 Subject: HID: hid-lg4ff: Add check for empty lbuf From: Anastasia Belova <abelova@xxxxxxxxxxxxx> commit d180b6496143cd360c5d5f58ae4b9a8229c1f344 upstream. If an empty buf is received, lbuf is also empty. So lbuf is accessed by index -1. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: f31a2de3fe36 ("HID: hid-lg4ff: Allow switching of Logitech gaming wheels between compatibility modes") Signed-off-by: Anastasia Belova <abelova@xxxxxxxxxxxxx> Signed-off-by: Jiri Kosina <jkosina@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/hid/hid-lg4ff.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/drivers/hid/hid-lg4ff.c +++ b/drivers/hid/hid-lg4ff.c @@ -880,6 +880,12 @@ static ssize_t lg4ff_alternate_modes_sto return -ENOMEM; i = strlen(lbuf); + + if (i == 0) { + kfree(lbuf); + return -EINVAL; + } + if (lbuf[i-1] == '\n') { if (i == 1) { kfree(lbuf); Patches currently in stable-queue which might be from abelova@xxxxxxxxxxxxx are queue-4.14/hid-hid-lg4ff-add-check-for-empty-lbuf.patch