Vulnerability-Lookup

CERTA-2013-AVI-656

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans le noyau Linux de Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance, un déni de service, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 12.10
Ubuntu	Ubuntu	Ubuntu 13.04
Ubuntu	Ubuntu	Ubuntu 12.04 LTS
Ubuntu	Ubuntu	Ubuntu 13.10
Ubuntu	Ubuntu	Ubuntu 10.04 LTS

References

Title

Publication Time

CVE-2012-2121 (GCVE-0-2012-2121)

Vulnerability from cvelistv5 – Published: 2012-05-17 10:00 – Updated: 2024-08-06 19:26

Summary

The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

11 references

URL	Tags
http://secunia.com/advisories/50732	third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-0743.html	vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id?1027083	vdb-entryx_refsource_SECTRACK
http://www.openwall.com/lists/oss-security/2012/0…	mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=814149	x_refsource_CONFIRM
https://github.com/torvalds/linux/commit/09ca8e11…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1577-1	vendor-advisoryx_refsource_UBUNTU
http://www.kernel.org/pub/linux/kernel/v3.x/Chang…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2036-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2037-1	vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2012-0676.html	vendor-advisoryx_refsource_REDHAT

Date Public ?

2012-04-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50732"
          },
          {
            "name": "RHSA-2012:0743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html"
          },
          {
            "name": "1027083",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027083"
          },
          {
            "name": "[oss-security] 20120419 Re: CVE request -- kernel: kvm: device assignment page leak",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/04/19/16"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=814149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195"
          },
          {
            "name": "USN-1577-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1577-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4"
          },
          {
            "name": "USN-2036-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2036-1"
          },
          {
            "name": "USN-2037-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2037-1"
          },
          {
            "name": "RHSA-2012:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0676.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "50732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50732"
        },
        {
          "name": "RHSA-2012:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html"
        },
        {
          "name": "1027083",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027083"
        },
        {
          "name": "[oss-security] 20120419 Re: CVE request -- kernel: kvm: device assignment page leak",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/04/19/16"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=814149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195"
        },
        {
          "name": "USN-1577-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1577-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4"
        },
        {
          "name": "USN-2036-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2036-1"
        },
        {
          "name": "USN-2037-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2037-1"
        },
        {
          "name": "RHSA-2012:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0676.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2121",
    "datePublished": "2012-05-17T10:00:00.000Z",
    "dateReserved": "2012-04-04T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:26:08.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5374 (GCVE-0-2012-5374)

Vulnerability from cvelistv5 – Published: 2013-02-18 11:00 – Updated: 2024-08-06 21:05

Summary

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

11 references

URL	Tags
http://www.kernel.org/pub/linux/kernel/v3.x/testi…	x_refsource_CONFIRM
http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/	x_refsource_MISC
https://github.com/torvalds/linux/commit/9c52057c…	x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-1944-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1945-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2017-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1947-1	vendor-advisoryx_refsource_UBUNTU
http://openwall.com/lists/oss-security/2012/12/13/20	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-1946-1	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2012-12-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:46.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9c52057c698fb96f8f07e7a4bcf4801a092bda89"
          },
          {
            "name": "openSUSE-SU-2013:0395",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html"
          },
          {
            "name": "USN-1944-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1944-1"
          },
          {
            "name": "USN-1945-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1945-1"
          },
          {
            "name": "USN-2017-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2017-1"
          },
          {
            "name": "USN-1947-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1947-1"
          },
          {
            "name": "[oss-security] 20121213 CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/12/13/20"
          },
          {
            "name": "USN-1946-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1946-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-02T14:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9c52057c698fb96f8f07e7a4bcf4801a092bda89"
        },
        {
          "name": "openSUSE-SU-2013:0395",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html"
        },
        {
          "name": "USN-1944-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1944-1"
        },
        {
          "name": "USN-1945-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1945-1"
        },
        {
          "name": "USN-2017-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2017-1"
        },
        {
          "name": "USN-1947-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1947-1"
        },
        {
          "name": "[oss-security] 20121213 CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/12/13/20"
        },
        {
          "name": "USN-1946-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1946-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5374",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2"
            },
            {
              "name": "http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/",
              "refsource": "MISC",
              "url": "http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c52057c698fb96f8f07e7a4bcf4801a092bda89",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c52057c698fb96f8f07e7a4bcf4801a092bda89"
            },
            {
              "name": "openSUSE-SU-2013:0395",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html"
            },
            {
              "name": "USN-1944-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1944-1"
            },
            {
              "name": "USN-1945-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1945-1"
            },
            {
              "name": "USN-2017-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2017-1"
            },
            {
              "name": "USN-1947-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1947-1"
            },
            {
              "name": "[oss-security] 20121213 CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/12/13/20"
            },
            {
              "name": "USN-1946-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1946-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5374",
    "datePublished": "2013-02-18T11:00:00.000Z",
    "dateReserved": "2012-10-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:05:46.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5375 (GCVE-0-2012-5375)

Vulnerability from cvelistv5 – Published: 2013-02-18 11:00 – Updated: 2024-08-06 21:05

Summary

The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

10 references

URL	Tags
http://www.kernel.org/pub/linux/kernel/v3.x/testi…	x_refsource_CONFIRM
http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/	x_refsource_MISC
https://github.com/torvalds/linux/commit/9c52057c…	x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1944-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1945-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2017-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1947-1	vendor-advisoryx_refsource_UBUNTU
http://openwall.com/lists/oss-security/2012/12/13/20	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-1946-1	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2012-12-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:46.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9c52057c698fb96f8f07e7a4bcf4801a092bda89"
          },
          {
            "name": "USN-1944-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1944-1"
          },
          {
            "name": "USN-1945-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1945-1"
          },
          {
            "name": "USN-2017-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2017-1"
          },
          {
            "name": "USN-1947-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1947-1"
          },
          {
            "name": "[oss-security] 20121213 CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/12/13/20"
          },
          {
            "name": "USN-1946-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1946-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-12-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-02T14:57:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9c52057c698fb96f8f07e7a4bcf4801a092bda89"
        },
        {
          "name": "USN-1944-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1944-1"
        },
        {
          "name": "USN-1945-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1945-1"
        },
        {
          "name": "USN-2017-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2017-1"
        },
        {
          "name": "USN-1947-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1947-1"
        },
        {
          "name": "[oss-security] 20121213 CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/12/13/20"
        },
        {
          "name": "USN-1946-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1946-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5375",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2"
            },
            {
              "name": "http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/",
              "refsource": "MISC",
              "url": "http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/9c52057c698fb96f8f07e7a4bcf4801a092bda89"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c52057c698fb96f8f07e7a4bcf4801a092bda89",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9c52057c698fb96f8f07e7a4bcf4801a092bda89"
            },
            {
              "name": "USN-1944-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1944-1"
            },
            {
              "name": "USN-1945-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1945-1"
            },
            {
              "name": "USN-2017-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2017-1"
            },
            {
              "name": "USN-1947-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1947-1"
            },
            {
              "name": "[oss-security] 20121213 CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2012/12/13/20"
            },
            {
              "name": "USN-1946-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1946-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5375",
    "datePublished": "2013-02-18T11:00:00.000Z",
    "dateReserved": "2012-10-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:05:46.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0343 (GCVE-0-2013-0343)

Vulnerability from cvelistv5 – Published: 2013-02-28 19:00 – Updated: 2024-08-06 14:25

Summary

The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

20 references

URL	Tags
http://www.ubuntu.com/usn/USN-2024-1	vendor-advisoryx_refsource_UBUNTU
http://openwall.com/lists/oss-security/2013/01/21/11	mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1490.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1977-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2039-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2022-1	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=914664	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-1645.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2038-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2020-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2021-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1976-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2019-1	vendor-advisoryx_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2013/02/22/6	mailing-listx_refsource_MLIST
http://openwall.com/lists/oss-security/2013/01/16/7	mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1449.html	vendor-advisoryx_refsource_REDHAT
http://openwall.com/lists/oss-security/2012/12/05/4	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-2023-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2050-1	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2012-12-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:25:09.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2024-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2024-1"
          },
          {
            "name": "[oss-security] 20130121 Re: Linux kernel handling of IPv6 temporary addresses",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/01/21/11"
          },
          {
            "name": "RHSA-2013:1490",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
          },
          {
            "name": "USN-1977-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1977-1"
          },
          {
            "name": "USN-2039-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2039-1"
          },
          {
            "name": "USN-2022-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2022-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914664"
          },
          {
            "name": "RHSA-2013:1645",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
          },
          {
            "name": "USN-2038-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2038-1"
          },
          {
            "name": "USN-2020-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2020-1"
          },
          {
            "name": "USN-2021-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2021-1"
          },
          {
            "name": "USN-1976-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1976-1"
          },
          {
            "name": "USN-2019-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2019-1"
          },
          {
            "name": "[oss-security] 20130222 Re: Linux kernel handling of IPv6 temporary addresses",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/02/22/6"
          },
          {
            "name": "[oss-security] 20130116 Re: Linux kernel handling of IPv6 temporary addresses",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/01/16/7"
          },
          {
            "name": "RHSA-2013:1449",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
          },
          {
            "name": "[oss-security] 20121205 Re: Linux kernel handling of IPv6 temporary addresses",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2012/12/05/4"
          },
          {
            "name": "openSUSE-SU-2014:0204",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"
          },
          {
            "name": "USN-2023-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2023-1"
          },
          {
            "name": "USN-2050-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2050-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-12-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-04T15:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2024-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2024-1"
        },
        {
          "name": "[oss-security] 20130121 Re: Linux kernel handling of IPv6 temporary addresses",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/01/21/11"
        },
        {
          "name": "RHSA-2013:1490",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
        },
        {
          "name": "USN-1977-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1977-1"
        },
        {
          "name": "USN-2039-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2039-1"
        },
        {
          "name": "USN-2022-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2022-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914664"
        },
        {
          "name": "RHSA-2013:1645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
        },
        {
          "name": "USN-2038-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2038-1"
        },
        {
          "name": "USN-2020-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2020-1"
        },
        {
          "name": "USN-2021-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2021-1"
        },
        {
          "name": "USN-1976-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1976-1"
        },
        {
          "name": "USN-2019-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2019-1"
        },
        {
          "name": "[oss-security] 20130222 Re: Linux kernel handling of IPv6 temporary addresses",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/02/22/6"
        },
        {
          "name": "[oss-security] 20130116 Re: Linux kernel handling of IPv6 temporary addresses",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/01/16/7"
        },
        {
          "name": "RHSA-2013:1449",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1449.html"
        },
        {
          "name": "[oss-security] 20121205 Re: Linux kernel handling of IPv6 temporary addresses",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2012/12/05/4"
        },
        {
          "name": "openSUSE-SU-2014:0204",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html"
        },
        {
          "name": "USN-2023-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2023-1"
        },
        {
          "name": "USN-2050-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2050-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0343",
    "datePublished": "2013-02-28T19:00:00.000Z",
    "dateReserved": "2012-12-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T14:25:09.787Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2140 (GCVE-0-2013-2140)

Vulnerability from cvelistv5 – Published: 2013-09-25 10:00 – Updated: 2024-08-06 15:27

Summary

The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

14 references

URL	Tags
http://www.ubuntu.com/usn/USN-1943-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2039-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1938-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1944-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1945-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2038-1	vendor-advisoryx_refsource_UBUNTU
http://people.canonical.com/~ubuntu-security/cve/…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2013/0…	mailing-listx_refsource_MLIST
http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM
https://github.com/torvalds/linux/commit/604c499c…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1947-1	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=971146	x_refsource_CONFIRM
http://www.kernel.org/pub/linux/kernel/v3.x/Chang…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1946-1	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2013-06-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:40.705Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1943-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1943-1"
          },
          {
            "name": "USN-2039-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2039-1"
          },
          {
            "name": "USN-1938-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1938-1"
          },
          {
            "name": "USN-1944-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1944-1"
          },
          {
            "name": "USN-1945-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1945-1"
          },
          {
            "name": "USN-2038-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2038-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2140.html"
          },
          {
            "name": "[oss-security] 20130605 Re: xen/blkback: Check device permissions before allowing OP_DISCARD",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/06/05/21"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=604c499cbbcc3d5fe5fb8d53306aa0fae1990109"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/604c499cbbcc3d5fe5fb8d53306aa0fae1990109"
          },
          {
            "name": "USN-1947-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1947-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971146"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5"
          },
          {
            "name": "USN-1946-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1946-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-06-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-30T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-1943-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1943-1"
        },
        {
          "name": "USN-2039-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2039-1"
        },
        {
          "name": "USN-1938-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1938-1"
        },
        {
          "name": "USN-1944-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1944-1"
        },
        {
          "name": "USN-1945-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1945-1"
        },
        {
          "name": "USN-2038-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2038-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2140.html"
        },
        {
          "name": "[oss-security] 20130605 Re: xen/blkback: Check device permissions before allowing OP_DISCARD",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/06/05/21"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=604c499cbbcc3d5fe5fb8d53306aa0fae1990109"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/604c499cbbcc3d5fe5fb8d53306aa0fae1990109"
        },
        {
          "name": "USN-1947-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1947-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971146"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5"
        },
        {
          "name": "USN-1946-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1946-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2140",
    "datePublished": "2013-09-25T10:00:00.000Z",
    "dateReserved": "2013-02-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:27:40.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2147 (GCVE-0-2013-2147)

Vulnerability from cvelistv5 – Published: 2013-06-07 10:00 – Updated: 2024-08-06 15:27

Summary

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

16 references

URL	Tags
http://www.ubuntu.com/usn/USN-2015-1	vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2013-1166.html	vendor-advisoryx_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2013/0…	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-1996-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1994-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1997-1	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=971242	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2016-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2020-1	vendor-advisoryx_refsource_UBUNTU
http://lkml.org/lkml/2013/6/3/127	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-2017-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2023-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2050-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1999-1	vendor-advisoryx_refsource_UBUNTU
http://lkml.org/lkml/2013/6/3/131	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Date Public ?

2013-06-03 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:40.991Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2015-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2015-1"
          },
          {
            "name": "RHSA-2013:1166",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
          },
          {
            "name": "[oss-security] 20130605 Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/06/05/25"
          },
          {
            "name": "USN-1996-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1996-1"
          },
          {
            "name": "USN-1994-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1994-1"
          },
          {
            "name": "USN-1997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1997-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971242"
          },
          {
            "name": "USN-2016-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2016-1"
          },
          {
            "name": "USN-2020-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2020-1"
          },
          {
            "name": "[linux-kernel] 20130603 [patch] cciss: info leak in cciss_ioctl32_passthru()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2013/6/3/127"
          },
          {
            "name": "USN-2017-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2017-1"
          },
          {
            "name": "USN-2023-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2023-1"
          },
          {
            "name": "USN-2050-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2050-1"
          },
          {
            "name": "USN-1999-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1999-1"
          },
          {
            "name": "[linux-kernel] 20130603 [patch] cpqarray: info leak in ida_locked_ioctl()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lkml.org/lkml/2013/6/3/131"
          },
          {
            "name": "SUSE-SU-2015:0812",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-06-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-08T21:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2015-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2015-1"
        },
        {
          "name": "RHSA-2013:1166",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
        },
        {
          "name": "[oss-security] 20130605 Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/06/05/25"
        },
        {
          "name": "USN-1996-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1996-1"
        },
        {
          "name": "USN-1994-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1994-1"
        },
        {
          "name": "USN-1997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1997-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971242"
        },
        {
          "name": "USN-2016-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2016-1"
        },
        {
          "name": "USN-2020-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2020-1"
        },
        {
          "name": "[linux-kernel] 20130603 [patch] cciss: info leak in cciss_ioctl32_passthru()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2013/6/3/127"
        },
        {
          "name": "USN-2017-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2017-1"
        },
        {
          "name": "USN-2023-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2023-1"
        },
        {
          "name": "USN-2050-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2050-1"
        },
        {
          "name": "USN-1999-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1999-1"
        },
        {
          "name": "[linux-kernel] 20130603 [patch] cpqarray: info leak in ida_locked_ioctl()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lkml.org/lkml/2013/6/3/131"
        },
        {
          "name": "SUSE-SU-2015:0812",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2147",
    "datePublished": "2013-06-07T10:00:00.000Z",
    "dateReserved": "2013-02-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:27:40.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2888 (GCVE-0-2013-2888)

Vulnerability from cvelistv5 – Published: 2013-09-13 18:00 – Updated: 2024-08-06 15:52

Summary

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.

Severity ?

No CVSS data available.

CWE

Assigner

Chrome

References

16 references

URL	Tags
http://www.ubuntu.com/usn/USN-2024-1	vendor-advisoryx_refsource_UBUNTU
http://marc.info/?l=linux-input&m=137772180514608&w=1	mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1490.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1977-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2039-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2022-1	vendor-advisoryx_refsource_UBUNTU
http://openwall.com/lists/oss-security/2013/08/28/13	mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1645.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1995-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2038-1	vendor-advisoryx_refsource_UBUNTU
http://www.debian.org/security/2013/dsa-2766	vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2021-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1976-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2019-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1998-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2050-1	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2013-08-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:52:20.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2024-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2024-1"
          },
          {
            "name": "[linux-input] 20130828 [PATCH 01/14] HID: validate HID report id size",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-input\u0026m=137772180514608\u0026w=1"
          },
          {
            "name": "RHSA-2013:1490",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
          },
          {
            "name": "USN-1977-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1977-1"
          },
          {
            "name": "USN-2039-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2039-1"
          },
          {
            "name": "USN-2022-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2022-1"
          },
          {
            "name": "[oss-security] 20130828 Linux HID security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
          },
          {
            "name": "RHSA-2013:1645",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
          },
          {
            "name": "USN-1995-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1995-1"
          },
          {
            "name": "USN-2038-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2038-1"
          },
          {
            "name": "DSA-2766",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2766"
          },
          {
            "name": "USN-2021-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2021-1"
          },
          {
            "name": "USN-1976-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1976-1"
          },
          {
            "name": "USN-2019-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2019-1"
          },
          {
            "name": "USN-1998-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1998-1"
          },
          {
            "name": "USN-2050-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2050-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-30T19:57:01.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "USN-2024-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2024-1"
        },
        {
          "name": "[linux-input] 20130828 [PATCH 01/14] HID: validate HID report id size",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-input\u0026m=137772180514608\u0026w=1"
        },
        {
          "name": "RHSA-2013:1490",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
        },
        {
          "name": "USN-1977-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1977-1"
        },
        {
          "name": "USN-2039-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2039-1"
        },
        {
          "name": "USN-2022-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2022-1"
        },
        {
          "name": "[oss-security] 20130828 Linux HID security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
        },
        {
          "name": "RHSA-2013:1645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
        },
        {
          "name": "USN-1995-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1995-1"
        },
        {
          "name": "USN-2038-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2038-1"
        },
        {
          "name": "DSA-2766",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2766"
        },
        {
          "name": "USN-2021-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2021-1"
        },
        {
          "name": "USN-1976-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1976-1"
        },
        {
          "name": "USN-2019-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2019-1"
        },
        {
          "name": "USN-1998-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1998-1"
        },
        {
          "name": "USN-2050-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2050-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2013-2888",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2024-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2024-1"
            },
            {
              "name": "[linux-input] 20130828 [PATCH 01/14] HID: validate HID report id size",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=linux-input\u0026m=137772180514608\u0026w=1"
            },
            {
              "name": "RHSA-2013:1490",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
            },
            {
              "name": "USN-1977-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1977-1"
            },
            {
              "name": "USN-2039-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2039-1"
            },
            {
              "name": "USN-2022-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2022-1"
            },
            {
              "name": "[oss-security] 20130828 Linux HID security flaws",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
            },
            {
              "name": "RHSA-2013:1645",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
            },
            {
              "name": "USN-1995-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1995-1"
            },
            {
              "name": "USN-2038-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2038-1"
            },
            {
              "name": "DSA-2766",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2766"
            },
            {
              "name": "USN-2021-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2021-1"
            },
            {
              "name": "USN-1976-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1976-1"
            },
            {
              "name": "USN-2019-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2019-1"
            },
            {
              "name": "USN-1998-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1998-1"
            },
            {
              "name": "USN-2050-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2050-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2013-2888",
    "datePublished": "2013-09-13T18:00:00.000Z",
    "dateReserved": "2013-04-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:52:20.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2889 (GCVE-0-2013-2889)

Vulnerability from cvelistv5 – Published: 2013-09-13 18:00 – Updated: 2024-08-06 15:52

Summary

drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

Severity ?

No CVSS data available.

CWE

Assigner

Chrome

References

15 references

URL	Tags
http://www.ubuntu.com/usn/USN-2015-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2024-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2039-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2022-1	vendor-advisoryx_refsource_UBUNTU
http://openwall.com/lists/oss-security/2013/08/28/13	mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1645.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2016-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2038-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2020-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2021-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2019-1	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/62042	vdb-entryx_refsource_BID
http://marc.info/?l=linux-input&m=137772182014614&w=1	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-2023-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2050-1	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2013-08-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:52:21.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2015-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2015-1"
          },
          {
            "name": "USN-2024-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2024-1"
          },
          {
            "name": "USN-2039-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2039-1"
          },
          {
            "name": "USN-2022-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2022-1"
          },
          {
            "name": "[oss-security] 20130828 Linux HID security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
          },
          {
            "name": "RHSA-2013:1645",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
          },
          {
            "name": "USN-2016-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2016-1"
          },
          {
            "name": "USN-2038-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2038-1"
          },
          {
            "name": "USN-2020-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2020-1"
          },
          {
            "name": "USN-2021-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2021-1"
          },
          {
            "name": "USN-2019-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2019-1"
          },
          {
            "name": "62042",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62042"
          },
          {
            "name": "[linux-input] 20130828 [PATCH 03/14] HID: zeroplus: validate output report details",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-input\u0026m=137772182014614\u0026w=1"
          },
          {
            "name": "USN-2023-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2023-1"
          },
          {
            "name": "USN-2050-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2050-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-08T21:57:01.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "USN-2015-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2015-1"
        },
        {
          "name": "USN-2024-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2024-1"
        },
        {
          "name": "USN-2039-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2039-1"
        },
        {
          "name": "USN-2022-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2022-1"
        },
        {
          "name": "[oss-security] 20130828 Linux HID security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
        },
        {
          "name": "RHSA-2013:1645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
        },
        {
          "name": "USN-2016-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2016-1"
        },
        {
          "name": "USN-2038-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2038-1"
        },
        {
          "name": "USN-2020-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2020-1"
        },
        {
          "name": "USN-2021-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2021-1"
        },
        {
          "name": "USN-2019-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2019-1"
        },
        {
          "name": "62042",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62042"
        },
        {
          "name": "[linux-input] 20130828 [PATCH 03/14] HID: zeroplus: validate output report details",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-input\u0026m=137772182014614\u0026w=1"
        },
        {
          "name": "USN-2023-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2023-1"
        },
        {
          "name": "USN-2050-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2050-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2013-2889",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2015-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2015-1"
            },
            {
              "name": "USN-2024-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2024-1"
            },
            {
              "name": "USN-2039-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2039-1"
            },
            {
              "name": "USN-2022-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2022-1"
            },
            {
              "name": "[oss-security] 20130828 Linux HID security flaws",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
            },
            {
              "name": "RHSA-2013:1645",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
            },
            {
              "name": "USN-2016-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2016-1"
            },
            {
              "name": "USN-2038-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2038-1"
            },
            {
              "name": "USN-2020-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2020-1"
            },
            {
              "name": "USN-2021-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2021-1"
            },
            {
              "name": "USN-2019-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2019-1"
            },
            {
              "name": "62042",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62042"
            },
            {
              "name": "[linux-input] 20130828 [PATCH 03/14] HID: zeroplus: validate output report details",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=linux-input\u0026m=137772182014614\u0026w=1"
            },
            {
              "name": "USN-2023-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2023-1"
            },
            {
              "name": "USN-2050-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2050-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2013-2889",
    "datePublished": "2013-09-13T18:00:00.000Z",
    "dateReserved": "2013-04-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:52:21.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2892 (GCVE-0-2013-2892)

Vulnerability from cvelistv5 – Published: 2013-09-13 18:00 – Updated: 2024-08-06 15:52

Summary

drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

Severity ?

No CVSS data available.

CWE

Assigner

Chrome

References

17 references

URL	Tags
http://www.ubuntu.com/usn/USN-2024-1	vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2013-1490.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1977-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2039-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2022-1	vendor-advisoryx_refsource_UBUNTU
http://openwall.com/lists/oss-security/2013/08/28/13	mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1645.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1995-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2038-1	vendor-advisoryx_refsource_UBUNTU
http://www.debian.org/security/2013/dsa-2766	vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2021-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-1976-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2019-1	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/62049	vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-1998-1	vendor-advisoryx_refsource_UBUNTU
http://marc.info/?l=linux-input&m=137772185414625&w=1	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-2050-1	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2013-08-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:52:21.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2024-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2024-1"
          },
          {
            "name": "RHSA-2013:1490",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
          },
          {
            "name": "USN-1977-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1977-1"
          },
          {
            "name": "USN-2039-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2039-1"
          },
          {
            "name": "USN-2022-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2022-1"
          },
          {
            "name": "[oss-security] 20130828 Linux HID security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
          },
          {
            "name": "RHSA-2013:1645",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
          },
          {
            "name": "USN-1995-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1995-1"
          },
          {
            "name": "USN-2038-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2038-1"
          },
          {
            "name": "DSA-2766",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2766"
          },
          {
            "name": "USN-2021-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2021-1"
          },
          {
            "name": "USN-1976-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1976-1"
          },
          {
            "name": "USN-2019-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2019-1"
          },
          {
            "name": "62049",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62049"
          },
          {
            "name": "USN-1998-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1998-1"
          },
          {
            "name": "[linux-input] 20130828 [PATCH 06/14] HID: pantherlord: validate output report details",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-input\u0026m=137772185414625\u0026w=1"
          },
          {
            "name": "USN-2050-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2050-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "USN-2024-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2024-1"
        },
        {
          "name": "RHSA-2013:1490",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
        },
        {
          "name": "USN-1977-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1977-1"
        },
        {
          "name": "USN-2039-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2039-1"
        },
        {
          "name": "USN-2022-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2022-1"
        },
        {
          "name": "[oss-security] 20130828 Linux HID security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
        },
        {
          "name": "RHSA-2013:1645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
        },
        {
          "name": "USN-1995-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1995-1"
        },
        {
          "name": "USN-2038-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2038-1"
        },
        {
          "name": "DSA-2766",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2766"
        },
        {
          "name": "USN-2021-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2021-1"
        },
        {
          "name": "USN-1976-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1976-1"
        },
        {
          "name": "USN-2019-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2019-1"
        },
        {
          "name": "62049",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62049"
        },
        {
          "name": "USN-1998-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1998-1"
        },
        {
          "name": "[linux-input] 20130828 [PATCH 06/14] HID: pantherlord: validate output report details",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-input\u0026m=137772185414625\u0026w=1"
        },
        {
          "name": "USN-2050-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2050-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2013-2892",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2024-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2024-1"
            },
            {
              "name": "RHSA-2013:1490",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
            },
            {
              "name": "USN-1977-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1977-1"
            },
            {
              "name": "USN-2039-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2039-1"
            },
            {
              "name": "USN-2022-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2022-1"
            },
            {
              "name": "[oss-security] 20130828 Linux HID security flaws",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
            },
            {
              "name": "RHSA-2013:1645",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
            },
            {
              "name": "USN-1995-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1995-1"
            },
            {
              "name": "USN-2038-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2038-1"
            },
            {
              "name": "DSA-2766",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2766"
            },
            {
              "name": "USN-2021-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2021-1"
            },
            {
              "name": "USN-1976-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1976-1"
            },
            {
              "name": "USN-2019-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2019-1"
            },
            {
              "name": "62049",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62049"
            },
            {
              "name": "USN-1998-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1998-1"
            },
            {
              "name": "[linux-input] 20130828 [PATCH 06/14] HID: pantherlord: validate output report details",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=linux-input\u0026m=137772185414625\u0026w=1"
            },
            {
              "name": "USN-2050-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2050-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2013-2892",
    "datePublished": "2013-09-13T18:00:00.000Z",
    "dateReserved": "2013-04-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:52:21.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2893 (GCVE-0-2013-2893)

Vulnerability from cvelistv5 – Published: 2013-09-13 18:00 – Updated: 2024-08-06 15:52

Summary

The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.

Severity ?

No CVSS data available.

CWE

Assigner

Chrome

References

17 references

URL	Tags
http://www.ubuntu.com/usn/USN-2015-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2024-1	vendor-advisoryx_refsource_UBUNTU
http://marc.info/?l=linux-input&m=137772186714627&w=1	mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1490.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2039-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2022-1	vendor-advisoryx_refsource_UBUNTU
http://openwall.com/lists/oss-security/2013/08/28/13	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-2016-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2038-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2020-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2021-1	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-2019-1	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/62050	vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-2023-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2050-1	vendor-advisoryx_refsource_UBUNTU

Date Public ?

2013-08-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:52:21.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2015-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2015-1"
          },
          {
            "name": "USN-2024-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2024-1"
          },
          {
            "name": "[linux-input] 20130828 [PATCH 07/14] HID: LG: validate HID output report details",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-input\u0026m=137772186714627\u0026w=1"
          },
          {
            "name": "RHSA-2013:1490",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
          },
          {
            "name": "USN-2039-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2039-1"
          },
          {
            "name": "USN-2022-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2022-1"
          },
          {
            "name": "[oss-security] 20130828 Linux HID security flaws",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
          },
          {
            "name": "USN-2016-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2016-1"
          },
          {
            "name": "USN-2038-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2038-1"
          },
          {
            "name": "USN-2020-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2020-1"
          },
          {
            "name": "USN-2021-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2021-1"
          },
          {
            "name": "SUSE-SU-2015:0481",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2015:0566",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
          },
          {
            "name": "USN-2019-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2019-1"
          },
          {
            "name": "62050",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62050"
          },
          {
            "name": "USN-2023-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2023-1"
          },
          {
            "name": "USN-2050-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2050-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-08T21:57:01.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "USN-2015-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2015-1"
        },
        {
          "name": "USN-2024-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2024-1"
        },
        {
          "name": "[linux-input] 20130828 [PATCH 07/14] HID: LG: validate HID output report details",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-input\u0026m=137772186714627\u0026w=1"
        },
        {
          "name": "RHSA-2013:1490",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
        },
        {
          "name": "USN-2039-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2039-1"
        },
        {
          "name": "USN-2022-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2022-1"
        },
        {
          "name": "[oss-security] 20130828 Linux HID security flaws",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
        },
        {
          "name": "USN-2016-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2016-1"
        },
        {
          "name": "USN-2038-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2038-1"
        },
        {
          "name": "USN-2020-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2020-1"
        },
        {
          "name": "USN-2021-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2021-1"
        },
        {
          "name": "SUSE-SU-2015:0481",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2015:0566",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
        },
        {
          "name": "USN-2019-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2019-1"
        },
        {
          "name": "62050",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62050"
        },
        {
          "name": "USN-2023-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2023-1"
        },
        {
          "name": "USN-2050-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2050-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2013-2893",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2015-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2015-1"
            },
            {
              "name": "USN-2024-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2024-1"
            },
            {
              "name": "[linux-input] 20130828 [PATCH 07/14] HID: LG: validate HID output report details",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=linux-input\u0026m=137772186714627\u0026w=1"
            },
            {
              "name": "RHSA-2013:1490",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
            },
            {
              "name": "USN-2039-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2039-1"
            },
            {
              "name": "USN-2022-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2022-1"
            },
            {
              "name": "[oss-security] 20130828 Linux HID security flaws",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
            },
            {
              "name": "USN-2016-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2016-1"
            },
            {
              "name": "USN-2038-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2038-1"
            },
            {
              "name": "USN-2020-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2020-1"
            },
            {
              "name": "USN-2021-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2021-1"
            },
            {
              "name": "SUSE-SU-2015:0481",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2015:0566",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"
            },
            {
              "name": "USN-2019-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2019-1"
            },
            {
              "name": "62050",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62050"
            },
            {
              "name": "USN-2023-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2023-1"
            },
            {
              "name": "USN-2050-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2050-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2013-2893",
    "datePublished": "2013-09-13T18:00:00.000Z",
    "dateReserved": "2013-04-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:52:21.337Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2013-AVI-656

Solution

CVE-2012-2121 (GCVE-0-2012-2121)

CVE-2012-5374 (GCVE-0-2012-5374)

CVE-2012-5375 (GCVE-0-2012-5375)

CVE-2013-0343 (GCVE-0-2013-0343)

CVE-2013-2140 (GCVE-0-2013-2140)

CVE-2013-2147 (GCVE-0-2013-2147)

CVE-2013-2888 (GCVE-0-2013-2888)

CVE-2013-2889 (GCVE-0-2013-2889)

CVE-2013-2892 (GCVE-0-2013-2892)

CVE-2013-2893 (GCVE-0-2013-2893)

Tags

Sightings

Nomenclature