Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's handling of PlayStation DualShock 4 controllers can lead to a buffer overflow. The issue arises in the 'dualshock4_parse_report' function, where the number of touch reports from the controller is not properly validated. This can cause the function to read past the end of the touch reports array, potentially leaking data through the evdev interface if certain conditions are met. The vulnerability affects the HID subsystem, specifically in the management of DualShock 4 touchpad input.
Exploitation of this vulnerability can cause a buffer overflow, leading to memory corruption. In this case, data located past the end of the touch reports array could be read and potentially misused, for example by being sent to user space via the evdev interface.
To reproduce this vulnerability, connect a PlayStation DualShock 4 controller to a device running an affected version of the Linux kernel. The vulnerability is triggered when the controller sends a report that includes an exaggerated number of touch points, which the 'dualshock4_parse_report' function processes without proper validation. The function then reads past the array allocated for touch reports, which is the buffer overflow described above.
Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.
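The class of validation described above, as an added example that is not the kernel's code: a parser that rejects a report whose device-supplied touch report count exceeds the array it indexes. The struct layout, the array capacity of 3, the "bit 7 means no contact" encoding and all function names are simplified assumptions for illustration, and the sample reports are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TOUCH_REPORTS 3             /* assumed array capacity */

/* Simplified, hypothetical layout; not the kernel's struct definitions. */
struct touch_report { uint8_t timestamp; uint8_t points[2][4]; };
struct input_report {
    uint8_t num_touch_reports;          /* supplied by the controller */
    struct touch_report touch_reports[MAX_TOUCH_REPORTS];
};

/* Returns the number of active contacts, or -1 if the report is rejected. */
int parse_touch_reports(const uint8_t *buf, size_t len)
{
    struct input_report rep;
    int active = 0;

    if (len < sizeof(rep))
        return -1;                      /* short report: nothing to parse */
    memcpy(&rep, buf, sizeof(rep));

    /* The missing check: without it the loop below would index
     * touch_reports[] with whatever count the device claimed. */
    if (rep.num_touch_reports > MAX_TOUCH_REPORTS)
        return -1;

    for (size_t i = 0; i < rep.num_touch_reports; i++)
        for (size_t j = 0; j < 2; j++)
            if (!(rep.touch_reports[i].points[j][0] & 0x80)) /* assumed flag */
                active++;
    return active;
}

/* Builds a constructed report claiming `count` touch reports, one contact active. */
int demo(uint8_t count)
{
    uint8_t buf[sizeof(struct input_report)];
    memset(buf, 0x80, sizeof(buf));     /* mark every contact inactive */
    buf[0] = count;
    buf[2] = 0x01;                      /* first contact of first touch report */
    return parse_touch_reports(buf, sizeof(buf));
}

int main(void)
{
    printf("count=3 -> %d, count=4 -> %d\n", demo(3), demo(4));
    return 0;
}
```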