[Lucid][CVE-2013-2889 0/2] HID: zeroplus: validate output report details
Luis Henriques
luis.henriques at canonical.com
Thu Oct 3 10:21:17 UTC 2013
The fix for this CVE is upstream commit
78214e8 HID: zeroplus: validate output report details
However, it depends on function hid_validate_values(), which was added
by commit:
331415f HID: provide a helper for validating hid reports
Following this email, there are two patches that are backports of
these 2 commits for Lucid.
Kees Cook (2):
HID: provide a helper for validating hid reports
HID: zeroplus: validate output report details
drivers/hid/hid-core.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
drivers/hid/hid-zpff.c | 18 +++++-----------
include/linux/hid.h | 4 ++++
3 files changed, 67 insertions(+), 13 deletions(-)
--
1.8.3.2
More information about the kernel-team
mailing list