Commit 7992c188 authored Jul 31, 2018 by Mark Salyzyn Committed by Marcel Holtmann Aug 01, 2018

Bluetooth: hidp: buffer overflow in hidp_process_report



CVE-2018-9363

The buffer length is unsigned at all layers, but gets cast to int and
checked in hidp_process_report and can lead to a buffer overflow.
Switch len parameter to unsigned int to resolve issue.

This affects 3.18 and newer kernels.

Signed-off-by: Mark Salyzyn <salyzyn@android.com>
Fixes: a4b1b587 ("HID: Bluetooth: hidp: make sure input buffers are big enough")
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Kees Cook <keescook@chromium.org>
Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: linux-bluetooth@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: security@kernel.org
Cc: kernel-team@android.com
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

parent b3cadaa4

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 7827df0f
· Nov 05, 2025

mentioned in commit 7827df0f

mentioned in commit 7827df0f4a03398b0886444b6e0958ee20d87620

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit adba817f
· Nov 05, 2025

mentioned in commit adba817f

mentioned in commit adba817fe62df5cb22c2cfb9cc42780d78d035c3

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 9a92bda6
· Nov 05, 2025

mentioned in commit 9a92bda6

mentioned in commit 9a92bda66b99d44154eca21890353911f03237b4

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 6171c703
· Nov 05, 2025

mentioned in commit 6171c703

mentioned in commit 6171c70350048cf43d2a848bed4f05a5e6b83936

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 5626aa2b
· Nov 05, 2025

mentioned in commit 5626aa2b

mentioned in commit 5626aa2b337d8a570ad7f1e6ab18b4296172301b

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 0734e935
· Nov 05, 2025

mentioned in commit 0734e935

mentioned in commit 0734e93563d15244563050840999ab1127d946e2

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit cb08cc23
· Nov 05, 2025

mentioned in commit cb08cc23

mentioned in commit cb08cc2329b9f1de7a4d3bef35825dfd17c5dc73

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 58bfceb0
· Nov 05, 2025

mentioned in commit 58bfceb0

mentioned in commit 58bfceb0275f8ada9e8816c12902f63e524d1243

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 1241e6c7
· Nov 05, 2025

mentioned in commit 1241e6c7

mentioned in commit 1241e6c746187baccacea96ee0741752b0030cf5

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 3154b3f0
· Nov 05, 2025

mentioned in commit 3154b3f0

mentioned in commit 3154b3f0f7395087f412ab582314315a17465f70

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 8a67b428
· Nov 05, 2025

mentioned in commit 8a67b428

mentioned in commit 8a67b42846a405788f596056d80e96c484f3ae38

Toggle commit list

Please to comment