Google Git
Sign in
android / kernel / common / refs/tags/ASB-2020-07-05_3.18-o-mr1
tag9b89dccd9ca57508f28a116b7a65525f4d58cfac
taggerTodd Kjos <tkjos@google.com>Mon Jul 06 13:38:17 2020 -0700
objectbdec384128d253b8870e24bb9c79cec1bc1d057e 
https://source.android.com/security/bulletin/2020-07-01
CVE-2018-20669
CVE-2019-18282
CVE-2019-20636
commitbdec384128d253b8870e24bb9c79cec1bc1d057e[log] [tgz]
authorDmitry Torokhov <dmitry.torokhov@gmail.com>Fri Dec 13 14:56:16 2019 -0800
committerTodd Kjos <tkjos@google.com>Mon Jul 06 09:00:41 2020 -0700
tree760fac9a0b736a42c54115d9b792edce91c3acb0
parent32b03155704ca8520c7e2e4fe54c3a237a91d22e [diff]
Input: add safety guards to input_set_keycode()

commit cb222aed03d798fc074be55e59d9a112338ee784 upstream.

If we happen to have a garbage in input device's keycode table with values
too big we'll end up doing clear_bit() with offset way outside of our
bitmaps, damaging other objects within an input device or even outside of
it. Let's add sanity checks to the returned old keycodes.

Reported-by: syzbot+c769968809f9359b07aa@syzkaller.appspotmail.com
Reported-by: syzbot+76f3a30e88d256644c78@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20191207212757.GA245964@dtor-ws
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Lee Jones <lee.jones@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I41054e1b813f14518498ff10cbfc9f90b3edd62b
1 file changed
tree: 760fac9a0b736a42c54115d9b792edce91c3acb0
  1. android/
  2. arch/
  3. block/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .gitignore
  24. .mailmap
  25. build.config.cuttlefish.x86_64
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS