linux/drivers
Kees Cook 0fb6bd06e0 HID: LG: validate HID output report details
A HID device could send a malicious output report that would cause the
lg, lg3, and lg4 HID drivers to write beyond the output report allocation
during an event, causing a heap overflow:

[  325.245240] usb 1-1: New USB device found, idVendor=046d, idProduct=c287
...
[  414.518960] BUG kmalloc-4096 (Not tainted): Redzone overwritten

Additionally, while lg2 did correctly validate the report details, it was
cleaned up and shortened.

CVE-2013-2893

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13 15:12:39 +02:00
..
accessibility
acpi Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2013-09-05 09:31:03 -07:00
amba
ata Merge branch 'for-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2013-09-03 18:19:53 -07:00
atm atm: he: print MAC via %pM 2013-09-04 14:41:55 -04:00
auxdisplay
base Merge branch 'next' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2013-09-04 18:15:06 -07:00
bcma
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
bluetooth
bus ARM: SoC platform changes for 3.12 2013-09-06 13:30:06 -07:00
cdrom
char Merge branch 'ipmi' 2013-09-05 08:34:38 -07:00
clk ARM: SoC platform changes for 3.12 2013-09-06 13:30:06 -07:00
clocksource ARM: SoC board updates for 3.12 2013-09-06 13:34:43 -07:00
connector
cpufreq ACPI and power management updates for 3.12-rc1 2013-09-03 15:59:39 -07:00
cpuidle cpuidle: coupled: fix race condition between pokes and safe state 2013-08-29 22:15:34 +02:00
crypto
dca
devfreq
dio
dma Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-09-05 08:50:26 -07:00
edac Merge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile 2013-09-06 11:14:33 -07:00
eisa
extcon Driver core patches for 3.12-rc1 2013-09-03 11:37:15 -07:00
firewire
firmware Big part of this is the addition of compression to the 2013-09-03 21:14:06 -07:00
fmc
gpio gpio: (gpio-pca953x) move header to linux/platform_data/ 2013-08-29 12:33:52 -07:00
gpu Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
hid HID: LG: validate HID output report details 2013-09-13 15:12:39 +02:00
hsi
hv Drivers: hv: vmbus: Do not attempt to negoatiate a new version prematurely 2013-08-30 12:08:04 -07:00
hwmon New driver for HTU21D (humidity sensor) 2013-09-03 10:43:35 -07:00
hwspinlock
i2c i2c: rcar: add rcar-H2 support 2013-09-04 11:49:16 +01:00
ide ide: sgiioc4: Staticize ioc4_ide_attach_one() 2013-09-05 15:21:30 -04:00
idle
iio staging tree merge for 3.12-rc1 2013-09-03 11:37:57 -07:00
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
input ARM: SoC DT updates for 3.12 2013-09-06 13:26:27 -07:00
iommu
ipack
irqchip ARM: SoC cleanups for 3.12 2013-09-06 13:21:16 -07:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-09-05 14:54:29 -07:00
leds ARM: SoC board updates for 3.12 2013-09-06 13:34:43 -07:00
lguest
macintosh
mailbox
md SCSI misc on 20130903 2013-09-03 15:48:06 -07:00
media Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-09-06 10:49:42 -07:00
memory ARM: SoC platform changes for 3.12 2013-09-06 13:30:06 -07:00
memstick
message
mfd ARM: SoC low-priority fixes for 3.12 2013-09-06 13:17:02 -07:00
misc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-09-05 08:50:26 -07:00
mmc ARM: SoC board updates for 3.12 2013-09-06 13:34:43 -07:00
mtd
net Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
nfc
ntb
nubus
of ARM: SoC platform changes for 3.12 2013-09-06 13:30:06 -07:00
oprofile oprofile: get rid of pointless forward declarations of struct super_block 2013-09-03 22:52:48 -04:00
parisc PCI changes for the v3.12 merge window: 2013-09-03 16:24:35 -07:00
parport drivers: parport: Kconfig: exclude h8300 for PARPORT_PC 2013-08-30 12:08:04 -07:00
pci ARM: SoC platform changes for 3.12 2013-09-06 13:30:06 -07:00
pcmcia
pinctrl PTR_RET() is a weird name, and led to some confusing usage. We ended 2013-09-04 17:31:11 -07:00
platform PTR_RET() is a weird name, and led to some confusing usage. We ended 2013-09-04 17:31:11 -07:00
pnp
power
pps
ps3
ptp
pwm ARM: SoC cleanups for 3.12 2013-09-06 13:21:16 -07:00
rapidio
regulator PTR_RET() is a weird name, and led to some confusing usage. We ended 2013-09-04 17:31:11 -07:00
remoteproc
reset
rpmsg
rtc PTR_RET() is a weird name, and led to some confusing usage. We ended 2013-09-04 17:31:11 -07:00
s390 SCSI misc on 20130903 2013-09-03 15:48:06 -07:00
sbus
scsi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
sfi
sh
sn
spi ARM: SoC DT updates for 3.12 2013-09-06 13:26:27 -07:00
ssb
staging Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-09-05 14:54:29 -07:00
target target: Fix se_cmd->state_list leak regression during WRITE failure 2013-08-31 15:19:12 -07:00
tc
thermal
tty ARM: SoC DT updates for 3.12 2013-09-06 13:26:27 -07:00
uio Driver core patches for 3.12-rc1 2013-09-03 11:37:15 -07:00
usb Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-09-06 10:49:42 -07:00
uwb
vfio
vhost vhost_net: correctly limit the max pending buffers 2013-09-03 22:46:58 -04:00
video ARM: SoC board updates for 3.12 2013-09-06 13:34:43 -07:00
virt
virtio
vlynq
vme vme: vme_ca91cx42.c: fix to pass correct device identity to free_irq() 2013-08-27 21:49:26 -07:00
w1
watchdog
xen Features: 2013-09-04 17:45:39 -07:00
zorro
Kconfig
Makefile