Re: [PATCH RESEND] HID: asus: fix UAF via HID_CLAIMED_INPUT validation

On Sun, 10 Aug 2025 19:10:41 +0100, Qasim Ijaz wrote:
> After hid_hw_start() is called hidinput_connect() will eventually be
> called to set up the device with the input layer since the
> HID_CONNECT_DEFAULT connect mask is used. During hidinput_connect()
> all input and output reports are processed and corresponding hid_inputs
> are allocated and configured via hidinput_configure_usages(). This
> process involves slot tagging report fields and configuring usages
> by setting relevant bits in the capability bitmaps. However it is possible
> that the capability bitmaps are not set at all leading to the subsequent
> hidinput_has_been_populated() check to fail leading to the freeing of the
> hid_input and the underlying input device.
> 
> [...]

Applied to hid/hid.git (for-6.17/upstream-fixes), thanks!

[1/1] HID: asus: fix UAF via HID_CLAIMED_INPUT validation
      https://git.kernel.org/hid/hid/c/d3af6ca9a8c3

Cheers,
-- 
Benjamin Tissoires <bentiss@xxxxxxxxxx>




