Description
In the Linux kernel, the following vulnerability has been resolved:

HID: core: Harden s32ton() against conversion to 0 bits

Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that.

Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.
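The guard described above, as an added user-space sketch (not the kernel's source and not taken from the fixing commits): a signed-to-n-bit conversion that checks for a zero width before computing a shift by n - 1. The names shift_count_valid and s32ton_hardened are hypothetical, and returning 0 for a zero-width field is this example's choice of "reasonable result".

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative names; this is a sketch, not the kernel's s32ton(). */

/* A width-n conversion shifts by n - 1. With unsigned n == 0 that wraps to
 * UINT_MAX, far past the 0..31 range valid for a 32-bit operand. */
static int shift_count_valid(unsigned int n)
{
    unsigned int count = n - 1;   /* n == 0 -> 0xFFFFFFFF */
    return count < 32;
}

/* Convert a signed 32-bit value to an n-bit two's-complement field,
 * saturating when it does not fit. */
static uint32_t s32ton_hardened(int32_t value, unsigned int n)
{
    int32_t a;
    uint32_t mask;

    if (!value || !n)             /* zero-width field: nothing to encode */
        return 0;
    if (n > 32)                   /* clamp so every shift below is defined */
        n = 32;

    /* Arithmetic right shift assumed (gcc/clang): a is 0 or -1 when value fits. */
    a = value >> (n - 1);
    if (a && a != -1)             /* out of range: saturate to min or max */
        return value < 0 ? 1u << (n - 1) : (1u << (n - 1)) - 1;

    mask = (n == 32) ? UINT32_MAX : (1u << n) - 1;
    return (uint32_t)value & mask;
}

int main(void)
{
    /* Constructed inputs: (value, field width in bits). */
    const struct { int32_t v; unsigned int n; } in[] = {
        {5, 0}, {-1, 0}, {5, 4}, {-1, 4}, {100, 4}, {-100, 4}, {-3, 32},
    };
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
        printf("v=%d n=%u valid_shift=%d -> 0x%x\n", in[i].v, in[i].n,
               shift_count_valid(in[i].n), s32ton_hardened(in[i].v, in[i].n));
    return 0;
}
```

Building the unguarded form of such a routine with -fsanitize=shift is one way to reproduce the class of report the description refers to.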
Product status
dde5845a529ff753364a6d1aea61180946270bfa before d3b504146c111548ab60b6ef7aad00bfb1db05a2
dde5845a529ff753364a6d1aea61180946270bfa before 8b4a94b1510f6a46ec48494b52ee8f67eb4fc836
dde5845a529ff753364a6d1aea61180946270bfa before 865ad8469fa24de1559f247d9426ab01e5ce3a56
dde5845a529ff753364a6d1aea61180946270bfa before a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd
2.6.20
Any version before 2.6.20
6.12.46
6.15.10
6.16.1
6.17
References
git.kernel.org/...c/d3b504146c111548ab60b6ef7aad00bfb1db05a2
git.kernel.org/...c/8b4a94b1510f6a46ec48494b52ee8f67eb4fc836
git.kernel.org/...c/865ad8469fa24de1559f247d9426ab01e5ce3a56
git.kernel.org/...c/a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd