lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Sep 2022 14:04:15 +0100 From: Lee Jones <lee@...nel.org> To: Silvan Jegen <s.jegen@...il.com> Cc: linux-kernel@...r.kernel.org, Jiri Kosina <jikos@...nel.org>, Benjamin Tissoires <benjamin.tissoires@...hat.com>, linux-input@...r.kernel.org Subject: Re: [RESEND] HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report On Mon, 12 Sep 2022, Silvan Jegen wrote: > Hi > > Lee Jones <lee@...nel.org> wrote: > > On Wed, 03 Aug 2022, Lee Jones wrote: > > > > > It is possible for a malicious device to forgo submitting a Feature > > > Report. The HID Steam driver presently makes no prevision for this > > > and de-references the 'struct hid_report' pointer obtained from the > > > HID devices without first checking its validity. Let's change that. > > > > This patch has been floating around since the beginning of July. > > > > It fixes a real issue which was found by creating a virtual > > (software based) malicious device and registering it as a HID device. > > > > There is nothing preventing a real attacker from creating a H/W > > version of the device in order to instigate an out-of-bounds read, > > potentially leading to a data leak. > > > > Would someone be kind enough to review please? > > AFACT this patch has been applied by Jiri on the 25th of August already. Ah, I missed his reply to the original patch. > Is a review still needed in this case? Certainly not. Thank you for your reply. -- Lee Jones [李琼斯]
Powered by blists - more mailing lists