NACK: [SRU][N][PATCH 1/1] HID: core: zero-initialize the report buffer
Juerg Haefliger
juerg.haefliger at canonical.com
Mon Mar 10 07:05:09 UTC 2025
On Mon, 10 Mar 2025 07:50:20 +0100
Juerg Haefliger <juerg.haefliger at canonical.com> wrote:
> From: Jiri Kosina <jkosina at suse.com>
>
> Since the report buffer is used by all kinds of drivers in various ways, let's
> zero-initialize it during allocation to make sure that it can't be ever used
> to leak kernel memory via specially-crafted report.
>
> Fixes: 27ce405039bf ("HID: fix data access in implement()")
> Reported-by: BenoƮt Sevens <bsevens at google.com>
> Acked-by: Benjamin Tissoires <bentiss at kernel.org>
> Signed-off-by: Jiri Kosina <jkosina at suse.com>
> (cherry picked from commit 177f25d1292c7e16e1199b39c85480f7f8815552)
> CVE-2024-50302
> Signed-off-by: Juerg Haefliger <juerg.haefliger at canonical.com>
> ---
> drivers/hid/hid-core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
> index 751a73ae7de7..5516edc456b9 100644
> --- a/drivers/hid/hid-core.c
> +++ b/drivers/hid/hid-core.c
> @@ -1875,7 +1875,7 @@ u8 *hid_alloc_report_buf(struct hid_report *report, gfp_t flags)
>
> u32 len = hid_report_len(report) + 7;
>
> - return kmalloc(len, flags);
> + return kzalloc(len, flags);
> }
> EXPORT_SYMBOL_GPL(hid_alloc_report_buf);
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250310/faf4f6fa/attachment.sig>
More information about the kernel-team
mailing list