breeze/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-01-12 00:42:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2497ff38c530b1af0df5130ca9f5ab22c5e92f29
linux/drivers/hid
History
Kwok Kin Ming 2497ff38c5 HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() 
`i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data
into `ihid->rawbuf`.

The former can come from the userspace in the hidraw driver and is only
bounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set
`max_buffer_size` field of `struct hid_ll_driver` which we do not).

The latter has size determined at runtime by the maximum size of
different report types you could receive on any particular device and
can be a much smaller value.

Fix this by truncating `recv_len` to `ihid->bufsize - sizeof(__le16)`.

The impact is low since access to hidraw devices requires root.

Signed-off-by: Kwok Kin Ming <kenkinming2002@gmail.com>
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
2026-01-07 18:35:58 +01:00
..
amd-sfh-hid
HID: amd_sfh: Stop sensor before starting
2025-10-30 11:58:41 +01:00
bpf
HID: bpf: fix bpf compilation with -fms-extensions
2026-01-07 15:03:48 +01:00
i2c-hid
HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()
2026-01-07 18:35:58 +01:00
intel-ish-hid
HID: intel-ish-hid: Reset enum_devices_done before enumeration
2025-12-19 12:11:56 +01:00
intel-thc-hid
HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer
2026-01-07 15:11:39 +01:00
surface-hid
usbhid
HID: usbhid: paper over wrong bNumDescriptor field
2025-12-19 11:50:19 +01:00
.kunitconfig
hid-a4tech.c
hid-accutouch.c
hid-alps.c
hid-apple.c
HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list
2025-10-30 11:54:00 +01:00
hid-appleir.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
hid-appletb-bl.c
hid-appletb-kbd.c
Merge branch 'for-6.17/amd-sfh' into for-linus
2025-07-31 22:36:25 +02:00
hid-asus.c
Merge branch 'for-6.18/asus' into for-linus
2025-09-30 16:45:07 +02:00
hid-aureal.c
hid-axff.c
hid-belkin.c
hid-betopff.c
hid-bigbenff.c
hid-cherry.c
hid-chicony.c
hid-cmedia.c
hid-core.c
HID: bpf: rescan the device for the group after a load/unload
2025-09-12 17:11:55 +02:00
hid-corsair-void.c
HID: corsair-void: Use %pe for printing PTR_ERR
2025-11-18 18:03:48 +01:00
hid-corsair.c
hid-cougar.c
hid-cp2112.c
HID: cp2112: Add parameter validation to data length
2025-10-14 11:46:49 +02:00
hid-creative-sb0540.c
hid-cypress.c
hid-debug.c
HID: hid-debug: Fix spelling mistake "Rechargable" -> "Rechargeable"
2025-10-14 12:56:28 +02:00
hid-dr.c
hid-elan.c
hid-elecom.c
HID: elecom: Add support for ELECOM M-XT3URBK (018F)
2025-11-18 17:54:49 +01:00
hid-elo.c
hid-emsff.c
hid-evision.c
HID: evision: Fix Report Descriptor for Evision Wireless Receiver 320f:226f
2025-11-26 17:17:53 +01:00
hid-ezkey.c
hid-ft260.c
hid-gaff.c
hid-gembird.c
hid-generic.c
drivers: hid: renegotiate resolution multipliers with device after reset
2025-11-26 17:21:48 +01:00
hid-gfrm.c
hid-glorious.c
hid-goodix-spi.c
hid-google-hammer.c
hid-google-stadiaff.c
hid-gt683r.c
hid-gyration.c
hid-haptic.c
Input: rename INPUT_PROP_HAPTIC_TOUCHPAD to INPUT_PROP_PRESSUREPAD
2025-11-17 23:18:32 -08:00
hid-haptic.h
HID: multitouch: add haptic multitouch support
2025-09-15 14:32:55 +02:00
hid-holtek-kbd.c
hid-holtek-mouse.c
hid-holtekff.c
hid-hyperv.c
hid-icade.c
hid-ids.h
HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
2026-01-07 15:20:51 +01:00
hid-input-test.c
HID: input: rename hidinput_set_battery_charge_status()
2025-08-20 20:03:39 +02:00
hid-input.c
Merge branch 'for-6.19/core' into for-linus
2025-12-02 14:55:26 +01:00
hid-ite.c
hid-jabra.c
hid-kensington.c
hid-keytouch.c
hid-kye.c
hid-kysona.c
hid-lcpower.c
hid-led.c
hid-lenovo.c
HID: lenovo: fixup Lenovo Yoga Slim 7x Keyboard rdesc
2025-10-30 11:40:52 +01:00
hid-letsketch.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
hid-lg2ff.c
hid-lg3ff.c
hid-lg4ff.c
HID: replace scnprintf() with sysfs_emit()
2025-06-20 09:14:43 +02:00
hid-lg4ff.h
hid-lg-g15.c
HID: hid-lg-g15: Add hw_brightness_changed support for the G510 keyboard
2025-10-14 11:50:25 +02:00
hid-lg.c
hid-lg.h
hid-lgff.c
hid-logitech-dj.c
Merge branch 'for-6.19/logitech' into for-linus
2025-12-02 14:48:03 +01:00
hid-logitech-hidpp.c
Merge branch 'for-6.19/logitech' into for-linus
2025-12-02 14:48:03 +01:00
hid-macally.c
hid-magicmouse.c
HID: magicmouse: use secs_to_jiffies() for battery timeout
2025-07-03 09:41:57 +02:00
hid-maltron.c
hid-mcp2200.c
treewide: rename GPIO set callbacks back to their original names
2025-08-07 10:07:06 +02:00
hid-mcp2221.c
Merge tag 'hid-for-linus-2025082901' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
2025-08-29 07:44:14 -07:00
hid-megaworld.c
hid-mf.c
hid-microsoft.c
hid-monterey.c
hid-multitouch.c
HID: multitouch: set INPUT_PROP_PRESSUREPAD based on Digitizer/Button Type
2026-01-07 15:28:09 +01:00
hid-nintendo.c
HID: nintendo: add WQ_PERCPU to alloc_workqueue users
2025-11-07 17:58:46 +01:00
hid-nti.c
hid-ntrig.c
HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
2025-10-31 09:57:10 +01:00
hid-nvidia-shield.c
hid-ortek.c
hid-penmount.c
hid-petalynx.c
hid-picolcd_backlight.c
hid-picolcd_cir.c
hid-picolcd_core.c
hid-picolcd_debugfs.c
hid-picolcd_fb.c
hid-picolcd_lcd.c
hid-picolcd_leds.c
hid-picolcd.h
hid-pl.c
hid-plantronics.c
hid-playstation.c
HID: playstation: Center initial joystick axes to prevent spurious events
2025-12-19 12:07:30 +01:00
hid-primax.c
hid-prodikeys.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
hid-pxrc.c
hid-quirks.c
HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list
2026-01-07 15:20:51 +01:00
hid-razer.c
hid-redragon.c
hid-retrode.c
hid-rmi.c
hid-roccat-arvo.c
sysfs: treewide: switch back to attribute_group::bin_attrs
2025-06-17 10:44:15 +02:00
hid-roccat-arvo.h
hid-roccat-common.c
hid-roccat-common.h
sysfs: treewide: switch back to bin_attribute::read()/write()
2025-06-17 10:44:13 +02:00
hid-roccat-isku.c
sysfs: treewide: switch back to attribute_group::bin_attrs
2025-06-17 10:44:15 +02:00
hid-roccat-isku.h
hid-roccat-kone.c
sysfs: treewide: switch back to attribute_group::bin_attrs
2025-06-17 10:44:15 +02:00
hid-roccat-kone.h
hid-roccat-koneplus.c
sysfs: treewide: switch back to attribute_group::bin_attrs
2025-06-17 10:44:15 +02:00
hid-roccat-koneplus.h
hid-roccat-konepure.c
sysfs: treewide: switch back to attribute_group::bin_attrs
2025-06-17 10:44:15 +02:00
hid-roccat-kovaplus.c
sysfs: treewide: switch back to attribute_group::bin_attrs
2025-06-17 10:44:15 +02:00
hid-roccat-kovaplus.h
hid-roccat-lua.c
sysfs: treewide: switch back to bin_attribute::read()/write()
2025-06-17 10:44:13 +02:00
hid-roccat-lua.h
hid-roccat-pyra.c
sysfs: treewide: switch back to attribute_group::bin_attrs
2025-06-17 10:44:15 +02:00
hid-roccat-pyra.h
hid-roccat-ryos.c
sysfs: treewide: switch back to attribute_group::bin_attrs
2025-06-17 10:44:15 +02:00
hid-roccat-savu.c
sysfs: treewide: switch back to attribute_group::bin_attrs
2025-06-17 10:44:15 +02:00
hid-roccat-savu.h
hid-roccat.c
hid-saitek.c
hid-samsung.c
hid-semitek.c
hid-sensor-custom.c
hid-sensor-hub.c
hid-sigmamicro.c
hid-sjoy.c
hid-sony.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
hid-speedlink.c
hid-steam.c
HID: hid-steam: Use new BTN_GRIP* buttons
2025-08-06 10:02:28 -07:00
hid-steelseries.c
HID: steelseries: Fix STEELSERIES_SRWS1 handling in steelseries_remove()
2025-09-12 16:27:35 +02:00
hid-sunplus.c
hid-thrustmaster.c
hid-tivo.c
hid-tmff.c
hid-topre.c
hid-topseed.c
hid-twinhan.c
hid-u2fzero.c
hid-uclogic-core-test.c
hid-uclogic-core.c
HID: uclogic: Add support for the XP-PEN Artist 24 Pro
2025-10-14 12:01:34 +02:00
hid-uclogic-params-test.c
hid-uclogic-params.c
Merge branch 'for-6.19/uclogic' into for-linus
2025-12-02 14:44:41 +01:00
hid-uclogic-params.h
HID: uclogic: Add support for the XP-PEN Artist 24 Pro
2025-10-14 12:01:34 +02:00
hid-uclogic-rdesc-test.c
hid-uclogic-rdesc.c
HID: uclogic: Add support for the XP-PEN Artist 24 Pro
2025-10-14 12:01:34 +02:00
hid-uclogic-rdesc.h
HID: uclogic: Add support for the XP-PEN Artist 24 Pro
2025-10-14 12:01:34 +02:00
hid-udraw-ps3.c
hid-universal-pidff.c
HID: universal-pidff: clang-format pass
2025-08-15 15:58:10 +02:00
hid-viewsonic.c
hid-vivaldi-common.c
hid-vivaldi-common.h
hid-vivaldi.c
hid-vrc2.c
hid-waltop.c
hid-wiimote-core.c
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
hid-wiimote-debug.c
hid-wiimote-modules.c
hid-wiimote.h
hid-winwing.c
HID: winwing: Improve Orion2 throttle support
2025-10-14 11:20:21 +02:00
hid-xiaomi.c
hid-xinmo.c
hid-zpff.c
hid-zydacron.c
hidraw.c
HID: hidraw: tighten ioctl command parsing
2025-09-17 11:37:23 +02:00
Kconfig
Merge branch 'for-6.19/nintendo' into for-linus
2025-12-02 14:46:11 +01:00
Makefile
HID: haptic: introduce hid_haptic_device
2025-09-15 14:32:54 +02:00
uhid.c
wacom_sys.c
HID: wacom: fix crash in wacom_aes_battery_handler()
2025-06-11 00:27:10 +02:00
wacom_wac.c
HID: wacom: Add a new Art Pen 2
2025-08-12 14:56:35 +02:00
wacom_wac.h
wacom.h