Vulnerability CVE-2013-2895


Published: 2013-09-16   Modified: 2013-09-17

Description:
drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Linux HID logitech-dj NULL pointer dereference
Kees Cook
02.09.2013

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.4/10
7.8/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
Complete
Affected software
Linux -> Linux kernel 

 References:
http://openwall.com/lists/oss-security/2013/08/28/13
http://marc.info/?l=linux-input&m=137772188314631&w=1
http://www.ubuntu.com/usn/USN-2050-1
http://www.ubuntu.com/usn/USN-2039-1
http://www.ubuntu.com/usn/USN-2038-1
http://www.ubuntu.com/usn/USN-2024-1
http://www.ubuntu.com/usn/USN-2023-1
http://www.ubuntu.com/usn/USN-2022-1
http://www.ubuntu.com/usn/USN-2021-1
http://www.ubuntu.com/usn/USN-2020-1
http://www.ubuntu.com/usn/USN-2019-1
http://rhn.redhat.com/errata/RHSA-2013-1490.html

Copyright 2024, cxsecurity.com

 

Back to Top