Linux Kernel HID Multitouch Report ID Mismatch Vulnerability

A vulnerability in the Linux kernel's HID multitouch driver allows a device to respond to feature requests with incorrect report IDs. This mismatch can confuse the HID core, potentially leading to out-of-bounds writes. The issue has been addressed by adding a check to ensure the report ID in the response matches the requested ID. If there is a discrepancy, the raw event is not reported, and the function returns early.

Impact

The vulnerability could be exploited by a malicious device to cause out-of-bounds writes in the HID core, potentially leading to memory corruption or other unintended side effects.

Reproduction

The vulnerability can be reproduced by connecting a device that responds to HID feature requests with incorrect report IDs. This can be done by using a custom device or modifying the behavior of an existing one to send incorrect report IDs in response to feature requests.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found on the official Linux kernel website.