PT-2013-1024 · Linux+2 · Linux Kernel+2

Kees Cook

·

Published

2013-09-13

·

Updated

2018-01-09

·

CVE-2013-2893

CVSS v2.0

4.7

Medium

VectorAV:L/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.11
Description The issue is related to the Human Interface Device (HID) subsystem in the Linux kernel, which allows physically proximate attackers to cause a denial of service via a crafted device. This is due to a lack of input sanitization in the HID driver for various Logitech devices with feedback, leading to a heap-based out-of-bounds write. The affected components include drivers/hid/hid-lgff.c, drivers/hid/hid-lg3ff.c, and drivers/hid/hid-lg4ff.c.
Recommendations For Linux kernel versions prior to 3.11, update to a version 3.11 or later to resolve the issue. As a temporary workaround, consider disabling the CONFIG LOGITECH FF, CONFIG LOGIG940 FF, or CONFIG LOGIWHEELS FF configurations until a patch is available. Restrict access to the HID subsystem to minimize the risk of exploitation. Avoid using crafted devices that could trigger the denial of service.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2014-1422
BDU:2014-00088
CVE-2013-2893
DSA-2906-1
MGASA-2013-0342
MGASA-2013-0343
MGASA-2013-0344
MGASA-2013-0345
MGASA-2013-0346
MGASA-2013-0371
MGASA-2013-0372
MGASA-2013-0373
MGASA-2013-0374
MGASA-2013-0375
RHSA-2013:1490
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2015-1
USN-2016-1
USN-2019-1
USN-2020-1
USN-2021-1
USN-2022-1
USN-2023-1
USN-2024-1
USN-2038-1
USN-2039-1
USN-2050-1

Affected Products

Alt Linux
Linux Kernel
Suse