Re: [PATCH 3.4-stable][CVE] HID: picolcd_core: validate output report details

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 6, 2013 at 1:46 AM, Kefeng Wang <wangkefeng.wang@xxxxxxxxxx> wrote:
> Hi Kees, Jiri or Greg,
>
> This patch has been backported to 3.2 stable tree.
> It is a CVE bugfix, and looks applicable to stable-3.4.
> It prevents from triggering a NULL dereference during
> atrr file writing if a HID device send a malicious output
> report.
>
> NOTE:
> Rename file drivers/hid/hid-picolcd_core.c
>         ->  drivers/hid/hid-picolcd.c.

Ah! Good call, yes. This should be applied to stable-3.4. Thanks for
fixing it up!

-Kees

-- 
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]