Message-ID: <Yx8uT8UEK5GjOOaE@google.com>
Date: Mon, 12 Sep 2022 14:04:15 +0100
From: Lee Jones <lee@...nel.org>
To: Silvan Jegen <s.jegen@...il.com>
Cc: linux-kernel@...r.kernel.org, Jiri Kosina <jikos@...nel.org>,
Benjamin Tissoires <benjamin.tissoires@...hat.com>,
linux-input@...r.kernel.org
Subject: Re: [RESEND] HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report

On Mon, 12 Sep 2022, Silvan Jegen wrote:
> Hi
>
> Lee Jones <lee@...nel.org> wrote:
> > On Wed, 03 Aug 2022, Lee Jones wrote:
> >
> > > It is possible for a malicious device to forgo submitting a Feature
> > > Report. The HID Steam driver presently makes no provision for this
> > > and de-references the 'struct hid_report' pointer obtained from the
> > > HID devices without first checking its validity. Let's change that.
> >
> > This patch has been floating around since the beginning of July.
> >
> > It fixes a real issue which was found by creating a virtual
> > (software based) malicious device and registering it as a HID device.
> >
> > There is nothing preventing a real attacker from creating a H/W
> > version of the device in order to instigate an out-of-bounds read,
> > potentially leading to a data leak.
> >
> > Would someone be kind enough to review please?
>
> AFAICT this patch has been applied by Jiri on the 25th of August already.

Ah, I missed his reply to the original patch.

> Is a review still needed in this case?

Certainly not. Thank you for your reply.
--
Lee Jones [李琼斯]