ACK: [SRU OEM-5.17, OEM-6.0 PATCH 0/1] CVE-2023-1073

John Cabaj john.cabaj at canonical.com
Thu Jun 1 03:52:38 UTC 2023


On 5/31/23 9:53 PM, Cengiz Can wrote:
> [Impact]
> A memory corruption flaw was found in the Linux kernel’s human interface device
> (HID) subsystem in how a user inserts a malicious USB device. This flaw allows
> a local user to crash or potentially escalate their privileges on the system.
> 
> [Fix]
> Cherry picked from upstream.
> 
> [Test case]
> Compile and boot tested.
> 
> [Potential regression]
> Low. Only modifies list_entry usage to be list_first_entry_or_null instead.
> 
> Pietro Borrello (1):
>   HID: check empty report_list in hid_validate_values()
> 
>  drivers/hid/hid-core.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 

Acked-by: John Cabaj <john.cabaj at canonical.com>
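The difference between the two list helpers named in the cover letter, as an added userspace example (not code from the patch or from this thread): on an empty list, `list_entry(head->next, ...)` yields a non-NULL pointer computed from the list head itself, so a later NULL check never fires, while `list_first_entry_or_null()` returns NULL. `struct demo_report` and the `first_report_*` functions are hypothetical, and the macros are simplified versions of the kernel helpers.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace versions of the kernel list helpers (assumption: no READ_ONCE). */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_entry(ptr, type, member) container_of(ptr, type, member)
#define list_first_entry_or_null(head, type, member) \
    ((head)->next != (head) ? list_entry((head)->next, type, member) : NULL)

/* Hypothetical stand-in for an object linked on a report list. */
struct demo_report {
    unsigned int id;
    struct list_head list;
};

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* Old pattern: never NULL; on an empty list it points just before the head. */
static struct demo_report *first_report_unchecked(struct list_head *head)
{
    return list_entry(head->next, struct demo_report, list);
}

/* Patched pattern: NULL on an empty list, so an "if (!report)" check works. */
static struct demo_report *first_report_checked(struct list_head *head)
{
    return list_first_entry_or_null(head, struct demo_report, list);
}

int main(void)
{
    struct list_head head;
    struct demo_report r = { .id = 7 };

    list_init(&head);
    printf("empty:     unchecked=%p checked=%p\n",
           (void *)first_report_unchecked(&head), (void *)first_report_checked(&head));
    list_add_tail(&r.list, &head);
    printf("one entry: unchecked=%p checked=%p\n",
           (void *)first_report_unchecked(&head), (void *)first_report_checked(&head));
    return 0;
}
```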



