PT-2013-1024 · Linux+2 · Linux Kernel+2

Kees Cook

·

Publicado

2013-09-13

·

Atualizado

2018-01-09

·

CVE-2013-2893

CVSS v2.0

4.7

Média

VetorAV:L/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.11
Description The issue is related to the Human Interface Device (HID) subsystem in the Linux kernel, which allows physically proximate attackers to cause a denial of service via a crafted device. This is due to a lack of input sanitization in the HID driver for various Logitech devices with feedback, leading to a heap-based out-of-bounds write. The affected components include drivers/hid/hid-lgff.c, drivers/hid/hid-lg3ff.c, and drivers/hid/hid-lg4ff.c.
Recommendations For Linux kernel versions prior to 3.11, update to a version 3.11 or later to resolve the issue. As a temporary workaround, consider disabling the CONFIG LOGITECH FF, CONFIG LOGIG940 FF, or CONFIG LOGIWHEELS FF configurations until a patch is available. Restrict access to the HID subsystem to minimize the risk of exploitation. Avoid using crafted devices that could trigger the denial of service.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2014-1422
BDU:2014-00088
CVE-2013-2893
DSA-2906-1
MGASA-2013-0342
MGASA-2013-0343
MGASA-2013-0344
MGASA-2013-0345
MGASA-2013-0346
MGASA-2013-0371
MGASA-2013-0372
MGASA-2013-0373
MGASA-2013-0374
MGASA-2013-0375
RHSA-2013:1490
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2015-1
USN-2016-1
USN-2019-1
USN-2020-1
USN-2021-1
USN-2022-1
USN-2023-1
USN-2024-1
USN-2038-1
USN-2039-1
USN-2050-1

Produtos afetados

Alt Linux
Linux Kernel
Suse