CVE-2013-2058 – Kernel: usb: chipidea: Allow disabling streaming not just in udc mode
https://notcve.org/view.php?id=CVE-2013-2058
The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service (system crash) by sending a large amount of network traffic through a USB/Ethernet adapter.
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=929473ea05db455ad88cdc081f2adc556b8dc48f
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.4
http://www.openwall.com/lists/oss-security/2013/05/05/2
https://bugzilla.redhat.com/show_bug.cgi?id=959210
https://github.com/torvalds/linux/commit/929473ea05db455ad88cdc081f2adc556b8dc48f
https://access.redhat.com/security/cve/CVE-2013-2058
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-2896 – Kernel: HID: ntrig: NULL pointer dereference
https://notcve.org/view.php?id=CVE-2013-2896
drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.
References:
http://marc.info/?l=linux-input&m=137772189314633&w=1
http://openwall.com/lists/oss-security/2013/08/28/13
http://rhn.redhat.com/errata/RHSA-2013-1490.html
http://www.ubuntu.com/usn/USN-1995-1
http://www.ubuntu.com/usn/USN-1998-1
http://www.ubuntu.com/usn/USN-2019-1
http://www.ubuntu.com/usn/USN-2021-1
http://www.ubuntu.com/usn/USN-2022-1
http://www.ubuntu.com/usn/USN-2024-1
http://www.ubuntu.com/usn/USN-2038-1
http:/
CWE-476: NULL Pointer Dereference

CVE-2013-2891
https://notcve.org/view.php?id=CVE-2013-2891
drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
References:
http://marc.info/?l=linux-input&m=137772184614622&w=1
http://openwall.com/lists/oss-security/2013/08/28/13
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-2889 – Kernel: HID: zeroplus: heap overflow flaw
https://notcve.org/view.php?id=CVE-2013-2889
drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
References:
http://marc.info/?l=linux-input&m=137772182014614&w=1
http://openwall.com/lists/oss-security/2013/08/28/13
http://rhn.redhat.com/errata/RHSA-2013-1645.html
http://www.securityfocus.com/bid/62042
http://www.ubuntu.com/usn/USN-2015-1
http://www.ubuntu.com/usn/USN-2016-1
http://www.ubuntu.com/usn/USN-2019-1
http://www.ubuntu.com/usn/USN-2020-1
http://www.ubuntu.com/usn/USN-2021-1
http://www.ubuntu.com/usn/USN-2022-1
http://www
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow

CVE-2013-2895 – Kernel: HID: logitech-dj: heap overflow flaw
https://notcve.org/view.php?id=CVE-2013-2895
drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device.
References:
http://marc.info/?l=linux-input&m=137772188314631&w=1
http://openwall.com/lists/oss-security/2013/08/28/13
http://rhn.redhat.com/errata/RHSA-2013-1490.html
http://www.ubuntu.com/usn/USN-2019-1
http://www.ubuntu.com/usn/USN-2020-1
http://www.ubuntu.com/usn/USN-2021-1
http://www.ubuntu.com/usn/USN-2022-1
http://www.ubuntu.com/usn/USN-2023-1
http://www.ubuntu.com/usn/USN-2024-1
http://www.ubuntu.com/usn/USN-2038-1
http:/
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow