)]}'
{
  "commit": "6522ecbcd122083c8dfdc07e383fdd7056094530",
  "tree": "5ecf01cfd38c0fd5f2d0b85faa75f2ab5ae1d781",
  "parents": [
    "75780ca4c6a874eb820f4133ee468fe8a6d3624b"
  ],
  "author": {
    "name": "Muhammad Bilal",
    "email": "meatuni001@gmail.com",
    "time": "Wed May 20 18:56:43 2026 -0400"
  },
  "committer": {
    "name": "Luiz Augusto von Dentz",
    "email": "luiz.von.dentz@intel.com",
    "time": "Thu May 21 11:10:30 2026 -0400"
  },
  "message": "Bluetooth: HIDP: fix missing length checks in hidp_input_report()\n\nhidp_input_report() reads keyboard and mouse payload data from an skb\nwithout first verifying that skb-\u003elen contains enough data.\n\nhidp_recv_intr_frame() pulls the 1-byte HIDP header before dispatching\nto hidp_input_report(). If a paired device sends a truncated packet,\nthe handler reads beyond the valid skb data, resulting in an\nout-of-bounds read of skb data. The OOB bytes may be interpreted as\nphantom key presses or spurious mouse movement.\n\nReplace the open-coded length tracking and pointer arithmetic with\nskb_pull_data() calls. skb_pull_data() returns NULL if the requested\nbytes are not present, eliminating the need for a manual size variable\nand the separate skb-\u003elen guard.\n\nFixes: 1da177e4c3f4 (\"Linux-2.6.12-rc2\")\nCc: stable@vger.kernel.org\nSigned-off-by: Muhammad Bilal \u003cmeatuni001@gmail.com\u003e\nSigned-off-by: Luiz Augusto von Dentz \u003cluiz.von.dentz@intel.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "976f91eeb745e4925f2c5c2da6c318eb0bfa308d",
      "old_mode": 33188,
      "old_path": "net/bluetooth/hidp/core.c",
      "new_id": "70344bd3248a241e7284136bfe13a3b4ae70dbe9",
      "new_mode": 33188,
      "new_path": "net/bluetooth/hidp/core.c"
    }
  ]
}