mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-08 01:29:02 +00:00
Code Issues Releases Wiki Activity
linux-stable/include
History
Marc Zyngier a47b8511d9 HID: core: Sanitize event code and type when mapping input 
commit 35556bed83 upstream.

When calling into hid_map_usage(), the passed event code is
blindly stored as is, even if it doesn't fit in the associated bitmap.

This event code can come from a variety of sources, including devices
masquerading as input devices, only a bit more "programmable".

Instead of taking the event code at face value, check that it actually
fits the corresponding bitmap, and if it doesn't:
- spit out a warning so that we know which device is acting up
- NULLify the bitmap pointer so that we catch unexpected uses

Code paths that can make use of untrusted inputs can now check
that the mapping was indeed correct and bail out if not.

Cc: stable@vger.kernel.org
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-09-09 19:04:22 +02:00
..
acpi x86: ACPI: fix CPU hotplug deadlock 2020-04-23 10:30:20 +02:00
asm-generic include/asm-generic/vmlinux.lds.h: align ro_after_init 2020-08-19 08:15:06 +02:00
clocksource
crypto crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock() 2020-07-09 09:37:10 +02:00
drm drm/panel: make drm_panel.h self-contained 2020-01-27 14:51:01 +01:00
dt-bindings dt-bindings: reset: meson8b: fix duplicate reset IDs 2020-01-23 08:21:26 +01:00
keys KEYS: Don't write out to userspace while holding key semaphore 2020-04-23 10:30:24 +02:00
kvm KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block 2019-08-25 10:47:59 +02:00
linux HID: core: Sanitize event code and type when mapping input 2020-09-09 19:04:22 +02:00
math-emu math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning 2019-12-13 08:51:34 +01:00
media media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros 2020-02-24 08:34:41 +01:00
memory
misc
net net/compat: Add missing sock updates for SCM_RIGHTS 2020-08-21 11:05:32 +02:00
pcmcia
ras
rdma RDMA/core: Fix double destruction of uobject 2020-06-03 08:19:43 +02:00
scsi scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" 2020-02-28 16:38:58 +01:00
soc soc/tegra: pmc: Fix pad voltage configuration for Tegra186 2019-11-20 18:45:24 +01:00
sound ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 2020-07-29 10:16:58 +02:00
target scsi: target: fix hang when multiple threads try to destroy the same iscsi session 2020-04-21 09:03:11 +02:00
trace writeback: Fix sync livelock due to b_dirty_time processing 2020-09-03 11:24:28 +02:00
uapi wireless: Use offsetof instead of custom macro. 2020-08-05 10:06:01 +02:00
video udlfb: introduce a rendering mutex 2019-05-25 18:23:30 +02:00
xen xen/events: fix binding user event channels to cpus 2019-07-26 09:14:25 +02:00