HID: make arrays usage and value to be the same (a6a13f48) · Commits · Summer2022 / 22b970495

Commit a6a13f48 authored 3 years ago by

Will McVicker Committed by Yang Yingliang 3 years ago

HID: make arrays usage and value to be the same


stable inclusion
from linux-4.19.178
commit ffca531f71d078c6caf752d64bc2a592f420f7c6
CVE: CVE-2021-0512

--------------------------------

commit ed9be64eefe26d7d8b0b5b9fa3ffdf425d87a01f upstream.

The HID subsystem allows an "HID report field" to have a different
number of "values" and "usages" when it is allocated. When a field
struct is created, the size of the usage array is guaranteed to be at
least as large as the values array, but it may be larger. This leads to
a potential out-of-bounds write in
__hidinput_change_resolution_multipliers() and an out-of-bounds read in
hidinput_count_leds().

To fix this, let's make sure that both the usage and value arrays are
the same size.

Cc: stable@vger.kernel.org
Signed-off-by: Will McVicker <willmcvicker@google.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujian...

parent d2eb9c1d

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 3 additions and 3 deletions

Please register or to comment