PT-2013-1023 · Linux+4 · Linux Kernel+4

Kees Cook · Published 2013-09-13 · Updated 2018-01-09 · CVE-2013-2889

CVSS v2.0: 4.7 (Medium)

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 3.11

Description

The issue is caused by a lack of input sanitization in the HID driver for Zeroplus game controllers, leading to a local denial of service. Specifically, drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem of the Linux kernel is affected when CONFIG_HID_ZEROPLUS is enabled. This allows physically proximate attackers to cause a denial of service via a crafted device, resulting in a heap-based out-of-bounds write.

Recommendations

For Linux kernel versions prior to 3.11, consider disabling the CONFIG_HID_ZEROPLUS option to minimize the risk of exploitation until a patch is available.

Exploit

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2013-1178
ALT-PU-2014-1422
BDU:2014-00087
CESA-2013_1645
CVE-2013-2889
DSA-2906-1
MGASA-2013-0342
MGASA-2013-0343
MGASA-2013-0344
MGASA-2013-0345
MGASA-2013-0346
MGASA-2013-0371
MGASA-2013-0372
MGASA-2013-0373
MGASA-2013-0374
MGASA-2013-0375
OPENSUSE-SU-2014_1669-1
RHSA-2013:1527
RHSA-2013:1645
RHSA-2013_1645
SUSE-RU-2015:0621-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2015-1
USN-2016-1
USN-2019-1
USN-2020-1
USN-2021-1
USN-2022-1
USN-2023-1
USN-2024-1
USN-2038-1
USN-2039-1
USN-2050-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE