In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | < 2423b60a2d6d27e5f66c5021b494463aef2db212 |
| n/a | n/a | < a07f698084412a3ef5e950fcac1d6b0f53289efd |