git.ipfire.org Git - thirdparty/kernel/linux.git/commit
HID: roccat: fix use-after-free in roccat_report_event
author Benoît Sevens <bsevens@google.com>
Mon, 23 Mar 2026 16:11:07 +0000 (16:11 +0000)
committer Jiri Kosina <jkosina@suse.com>
Fri, 27 Mar 2026 10:27:37 +0000 (11:27 +0100)
commit d802d848308b35220f21a8025352f0c0aba15c12
tree fdefe42215a684b5d5740b1209cbb3a8623d9013
parent 48e91af0cbe942d50ef6257d850accdca1d01378
HID: roccat: fix use-after-free in roccat_report_event

roccat_report_event() iterates over the device->readers list without
holding the readers_lock. This allows a concurrent roccat_release() to
remove and free a reader while it's still being accessed, leading to a
use-after-free.

Protect the readers list traversal with the readers_lock mutex.

Signed-off-by: Benoît Sevens <bsevens@google.com>
Reviewed-by: Silvan Jegen <s.jegen@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
drivers/hid/hid-roccat.c
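
The locking rule the commit message describes, shown as an added user-space example (not code from this commit or from hid-roccat.c). It assumes the release path unlinks readers under the same lock; the struct and function names are hypothetical and a pthread mutex stands in for the kernel mutex.

```c
/* User-space model, constructed for illustration (not kernel code).
 * A pthread mutex stands in for the kernel mutex; names are hypothetical. */
#include <pthread.h>
#include <stdlib.h>
struct reader { struct reader *next; int events_seen; };
struct device {
    pthread_mutex_t readers_lock;   /* guards the readers list */
    struct reader *readers;
};

void device_init(struct device *d)
{
    pthread_mutex_init(&d->readers_lock, NULL);
    d->readers = NULL;
}

struct reader *reader_open(struct device *d)
{
    struct reader *r = calloc(1, sizeof(*r));
    if (!r)
        return NULL;
    pthread_mutex_lock(&d->readers_lock);
    r->next = d->readers;
    d->readers = r;
    pthread_mutex_unlock(&d->readers_lock);
    return r;
}

/* Release path: unlink under readers_lock, then free. */
void reader_release(struct device *d, struct reader *r)
{
    pthread_mutex_lock(&d->readers_lock);
    for (struct reader **pp = &d->readers; *pp; pp = &(*pp)->next)
        if (*pp == r) { *pp = r->next; break; }
    pthread_mutex_unlock(&d->readers_lock);
    free(r);
}

/* Event path: hold the same lock for the whole traversal, so a node
 * cannot be unlinked and freed while it is being dereferenced. */
int report_event(struct device *d)
{
    int notified = 0;
    pthread_mutex_lock(&d->readers_lock);
    for (struct reader *r = d->readers; r; r = r->next, notified++)
        r->events_seen++;
    pthread_mutex_unlock(&d->readers_lock);
    return notified;
}
```

Dropping the lock/unlock pair from report_event() in this model reproduces the shape of the bug: a concurrent reader_release() could free a node between the loop reading r and dereferencing it.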