This is a note to let you know that I've just added the patch titled HID: core: zero-initialize the report buffer to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: hid-core-zero-initialize-the-report-buffer.patch and it can be found in the queue-5.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 421e63dd9b749b553a447200cd4760088cb2d994 Author: Jiri Kosina <jikos@xxxxxxxxxx> Date: Tue Oct 29 15:44:35 2024 +0100 HID: core: zero-initialize the report buffer [ Upstream commit 177f25d1292c7e16e1199b39c85480f7f8815552 ] Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. Fixes: 27ce405039bf ("HID: fix data access in implement()") Reported-by: Benoît Sevens <bsevens@xxxxxxxxxx> Acked-by: Benjamin Tissoires <bentiss@xxxxxxxxxx> Signed-off-by: Jiri Kosina <jkosina@xxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index 2462be8c4ae65..10ee4d3269b96 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1657,7 +1657,7 @@ u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags) u32 len = hid_report_len(report) + 7; - return kmalloc(len, flags); + return kzalloc(len, flags); } EXPORT_SYMBOL_GPL(hid_alloc_report_buf);