RSS   Vulnerabilities for 'UDEV'   RSS

2011-01-24
 
CVE-2011-0640

CWE-16
 

 
The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

 
2010-12-07
 
CVE-2010-4176

CWE-264
 

 
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.

 
2009-04-17
 
CVE-2009-1186

CWE-119
 

 
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

 
 
CVE-2009-1185

CWE-20
 

 
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

 

 >>> Vendor: Kernel 6 Products
Linux
Linux kernel
Util-linux
Linux-pam
UDEV
Selinux


Copyright 2024, cxsecurity.com

 

Back to Top