HID: sensor-hub: validate feature report details
authorKees Cook <keescook@chromium.org>
Wed, 28 Aug 2013 20:31:44 +0000 (22:31 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 27 Sep 2013 00:18:16 +0000 (17:18 -0700)
commita3957df756ccf3a46c24c8e2d4f8b26c932357b3
tree68d32899f4adbbfb225ad490ab4aa3d2c41c5b77
parent469e7f80f25f79a4c11bed47027da81fcf30d045
HID: sensor-hub: validate feature report details

commit 9e8910257397372633e74b333ef891f20c800ee4 upstream.

A HID device could send a malicious feature report that would cause the
sensor-hub HID driver to read past the end of heap allocation, leaking
kernel memory contents to the caller.

CVE-2013-2898

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/hid/hid-sensor-hub.c