Commit 48c96b7e authored Sep 28, 2025 by Zhen Ni Committed by Greg Kroah-Hartman Oct 15, 2025

Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak



commit d3366a04 upstream.

Struct ff_effect_compat is embedded twice inside
uinput_ff_upload_compat, contains internal padding. In particular, there
is a hole after struct ff_replay to satisfy alignment requirements for
the following union member. Without clearing the structure,
copy_to_user() may leak stack data to userspace.

Initialize ff_up_compat to zero before filling valid fields.

Fixes: 2d56f3a3 ("Input: refactor evdev 32bit compat to be shareable with uinput")
Cc: stable@vger.kernel.org
Signed-off-by: Zhen Ni <zhen.ni@easystack.cn>
Link: https://lore.kernel.org/r/20250928063737.74590-1-zhen.ni@easystack.cn


Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 2c988e1f

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 97009641
· Nov 05, 2025

mentioned in commit 97009641

mentioned in commit 970096412ba737d7ed592490e9aefc2a2e5a0f02

Toggle commit list

Please to comment