mirror of
https://github.com/torvalds/linux.git
synced 2024-12-30 06:41:43 +00:00
7992c18810
CVE-2018-9363
The buffer length is unsigned at all layers, but gets cast to int and
checked in hidp_process_report and can lead to a buffer overflow.
Switch len parameter to unsigned int to resolve issue.
This affects 3.18 and newer kernels.
Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Fixes:
|
||
---|---|---|
.. | ||
core.c | ||
hidp.h | ||
Kconfig | ||
Makefile | ||
sock.c |