Ack: [Lucid][CVE-2013-2889 0/2] HID: zeroplus: validate output report details
Brad Figg
brad.figg at canonical.com
Thu Oct 3 15:51:36 UTC 2013
On 10/03/2013 03:21 AM, Luis Henriques wrote:
> The fix for this CVE is upstream commit
>
> 78214e8 HID: zeroplus: validate output report details
>
> However, it depends on function hid_validate_values(), which was added
> by commit:
>
> 331415f HID: provide a helper for validating hid reports
>
> Following this email, there are two patches that are backports of
> these 2 commits for Lucid.
>
> Kees Cook (2):
> HID: provide a helper for validating hid reports
> HID: zeroplus: validate output report details
>
> drivers/hid/hid-core.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++
> drivers/hid/hid-zpff.c | 18 +++++-----------
> include/linux/hid.h | 4 ++++
> 3 files changed, 67 insertions(+), 13 deletions(-)
>
--
Brad Figg brad.figg at canonical.com http://www.canonical.com
More information about the kernel-team
mailing list