diff options
author | James Forshaw <forshaw@google.com> | 2014-08-23 14:39:48 -0700 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2014-09-13 23:41:46 +0100 |
commit | f92c5bd2c6fcbc55377645c6c023dff1e8849c3b (patch) | |
tree | 499ff9959ea1102a3367cfce46f04a1c56625ec5 /drivers/hid/hid-logitech-dj.c | |
parent | 328538d74181a95fa26fa354314f6079945fd5ee (diff) |
USB: whiteheat: Added bounds checking for bulk command response
commit 6817ae225cd650fb1c3295d769298c38b1eba818 upstream.
This patch fixes a potential security issue in the whiteheat USB driver
which might allow a local attacker to cause kernel memory corrpution. This
is due to an unchecked memcpy into a fixed size buffer (of 64 bytes). On
EHCI and XHCI busses it's possible to craft responses greater than 64
bytes leading a buffer overflow.
Signed-off-by: James Forshaw <forshaw@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'drivers/hid/hid-logitech-dj.c')
0 files changed, 0 insertions, 0 deletions