drivers/hid/hid-picolcd_core.c · 22e04f6b4b04a8afe9af9239224591d06ba3b24d · nexedi / linux

HID: picolcd_core: validate output report details · 1e87a245

Kees Cook authored Aug 28, 2013

A HID device could send a malicious output report that would cause the
picolcd HID driver to trigger a NULL dereference during attr file writing.

[jkosina@suse.cz: changed

	report->maxfield < 1

to

	report->maxfield != 1

as suggested by Bruno].

CVE-2013-2899
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@kernel.org
Reviewed-by: Bruno Prémont <bonbons@linux-vserver.org>
Acked-by: Bruno Prémont <bonbons@linux-vserver.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

1e87a245

hid-picolcd_core.c 18.9 KB

Replace hid-picolcd_core.c