Re: (subset) [PATCH 2/2] HID: multitouch: Check to ensure report responses match the request

Next message: Fernando Fernandez Mancera: "[PATCH 04/10 net-next v3] ipv6: prepare headers for ipv6_stub removal"
Previous message: Fernando Fernandez Mancera: "[PATCH 02/10 net-next v3] ipv6: replace IS_BUILTIN(CONFIG_IPV6) with IS_ENABLED(CONFIG_IPV6)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Benjamin Tissoires

Date: Tue Mar 17 2026 - 10:12:10 EST

On Fri, 27 Feb 2026 16:30:25 +0000, Lee Jones wrote:
> It is possible for a malicious (or clumsy) device to respond to a
> specific report's feature request using a completely different report
> ID. This can cause confusion in the HID core resulting in nasty
> side-effects such as OOB writes.
>
> Add a check to ensure that the report ID in the response, matches the
> one that was requested. If it doesn't, omit reporting the raw event and
> return early.
>
> [...]

Applied, thanks!

[2/2] HID: multitouch: Check to ensure report responses match the request
commit: e716edafedad4952fe3a4a273d2e039a84e8681a

Best regards,
--
Benjamin Tissoires <bentiss@xxxxxxxxxx>