Bluetooth: hidp: buffer overflow in hidp_process_report - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Mark Salyzyn <[email protected]>	2018-07-31 15:02:13 -0700
committer	Marcel Holtmann <[email protected]>	2018-08-01 09:12:35 +0200
commit	7992c18810e568b95c869b227137a2215702a805 (patch)
tree	33bfb84fe8b5236a5793fdd114f04eaed65fc8c9 /scripts/gdb/linux/utils.py
parent	b3cadaa485f0c20add1644a5c877b0765b285c0c (diff)

Bluetooth: hidp: buffer overflow in hidp_process_report

CVE-2018-9363 The buffer length is unsigned at all layers, but gets cast to int and checked in hidp_process_report and can lead to a buffer overflow. Switch len parameter to unsigned int to resolve issue. This affects 3.18 and newer kernels. Signed-off-by: Mark Salyzyn <[email protected]> Fixes: a4b1b5877b514b276f0f31efe02388a9c2836728 ("HID: Bluetooth: hidp: make sure input buffers are big enough") Cc: Marcel Holtmann <[email protected]> Cc: Johan Hedberg <[email protected]> Cc: "David S. Miller" <[email protected]> Cc: Kees Cook <[email protected]> Cc: Benjamin Tissoires <[email protected]> Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Acked-by: Kees Cook <[email protected]> Signed-off-by: Marcel Holtmann <[email protected]>

Diffstat (limited to 'scripts/gdb/linux/utils.py')

0 files changed, 0 insertions, 0 deletions