Re: [PATCH] HID: playstation: validate num_touch_reports in DualShock 4 reports
From: Jiri Kosina
Date: Thu Apr 09 2026 - 11:56:54 EST
Dear FirstName LastName,
there seems to be a way to fix in your mail setup configuration :)
On Mon, 23 Mar 2026, FirstName LastName wrote:
> From: Benoît Sevens <bsevens@xxxxxxxxxx>
>
> The DualShock 4 HID driver fails to validate the num_touch_reports field
> received from the device in both USB and Bluetooth input reports.
> A malicious device could set this field to a value larger than the
> allocated size of the touch_reports array (3 for USB, 4 for Bluetooth),
> leading to an out-of-bounds read in dualshock4_parse_report().
>
> This can result in kernel memory disclosure when processing malicious
> HID reports.
>
> Validate num_touch_reports against the array size for the respective
> connection types before processing the touch data.
>
> Signed-off-by: Benoît Sevens <bsevens@xxxxxxxxxx>
Applied now to hid.git#for-7.0/upstream-fixes, thanks!
--
Jiri Kosina
SUSE Labs
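
An added user-space sketch of the check the quoted commit message describes; it is not the kernel patch, which this mail does not include. Only the array sizes (3 for USB, 4 for Bluetooth) come from the message; the report layout, the entry length, the names, and the choice to reject rather than clamp an oversized count are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model: one count byte followed by a fixed touch array.
 * Array sizes are from the commit message; everything else is assumed. */
#define USB_TOUCH_SLOTS 3
#define BT_TOUCH_SLOTS  4
#define TOUCH_ENTRY_LEN 9   /* assumed per-entry size */

enum conn { CONN_USB, CONN_BT };
struct touch_entry { uint8_t raw[TOUCH_ENTRY_LEN]; };

/* Copies the touch entries announced by the device into out.
 * Returns the number copied, or -1 if the report is rejected. */
int parse_touch(enum conn c, const uint8_t *buf, size_t len,
                struct touch_entry *out, size_t out_cap)
{
    size_t slots = (c == CONN_USB) ? USB_TOUCH_SLOTS : BT_TOUCH_SLOTS;

    if (len < 1 + slots * TOUCH_ENTRY_LEN)
        return -1;              /* shorter than the fixed layout */

    uint8_t n = buf[0];         /* num_touch_reports: device-controlled */
    if (n > slots || n > out_cap)
        return -1;              /* count exceeds the array for this transport */

    for (uint8_t i = 0; i < n; i++)
        memcpy(out[i].raw, buf + 1 + (size_t)i * TOUCH_ENTRY_LEN,
               TOUCH_ENTRY_LEN);
    return n;
}

/* Builds a constructed report with the given count and parses it. */
int demo(enum conn c, uint8_t count)
{
    uint8_t report[1 + BT_TOUCH_SLOTS * TOUCH_ENTRY_LEN];
    struct touch_entry out[BT_TOUCH_SLOTS];
    size_t slots = (c == CONN_USB) ? USB_TOUCH_SLOTS : BT_TOUCH_SLOTS;

    memset(report, 0xAA, sizeof(report));   /* constructed filler bytes */
    report[0] = count;
    return parse_touch(c, report, 1 + slots * TOUCH_ENTRY_LEN,
                       out, BT_TOUCH_SLOTS);
}
```

Without the count comparison, the loop would index past the per-transport array using a value the device chose, which is the out-of-bounds read the message describes.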