Hi!

I just want to note that while these may not be high-priority, they
are still security holes to be fixed.

quoted

When writing the attached file to /dev/uhid, a NULL dereference occurs
in kernel. As I understand, the problem is not UHID-specific, but is
related to HID subsystem.

Thanks for the report.
I wanted to tell you that I started investigating the other private
report you sent us, but couldn't find the time to properly come with a
fix as the fuzzed data is hard to discriminate from valid data.

A couple of notes though:
- writing to uhid needs to be done by root. Any distribution that
doesn't enforce that is doomed to have several security issues

We want to protect kernel from root, too.

- we could somehow reproduce those fuzzed data on a USB or Bluetooth
connection, but that would require physical access to the device, so
you are doomed also

Not neccessarily. Imagine a kiosk where PC is protected but keyboard
uses USB connection. If our USB stack is buggy, you are doomed... but
you should not be ;-).
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html