CVE-2013-2897
https://notcve.org/view.php?id=CVE-2013-2897
Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. Múltiples errores de indexación en el arrary en drivers/hid/hid-multitouch.c en el subsistema Human Interface Device (HID) en el kernel de Linux desde la versión 3.11, cuando está activado CONFIG_HID_MULTITOUCH, permite a atacantes cercanos físicamente, provocar una denegación de servicio (corrupción de la memoria -heap-, deferencia a puntero nulo y OOPS) a través de un dispositivo manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://marc.info/?l=linux-input&m=137772190214635&w=1 http://openwall.com/lists/oss-security/2013/08/28/13 http://www.securityfocus.com/bid/62044 http://www.ubuntu.com/usn/USN-2015-1 http://www.ubuntu.com/usn/USN-2016-1 http://www.ubuntu.com/usn/USN-2019-1 http://www.ubuntu.com/usn/USN-2020-1 http:/ • CWE-20: Improper Input Validation •
CVE-2013-2891
https://notcve.org/view.php?id=CVE-2013-2891
drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. drivers/hid/hid-steelseries.c en el subsistema Human Interface Device (HID) del kernel Linux hasta 3.11, cuando CONFIG_HID_STEELSERIES está activado, permite a atacantes con acceso físico causar una denegación de servicio (escritura fuera de rango en memoria dinámica) a través de un dispositivo manipulado. • http://marc.info/?l=linux-input&m=137772184614622&w=1 http://openwall.com/lists/oss-security/2013/08/28/13 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-2893 – Kernel: HID: LG: heap overflow flaw
https://notcve.org/view.php?id=CVE-2013-2893
The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. El subsistema Human Interface Device (HID) en el núcleo de Linux hasta v3.11, cuando CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, o CONFIG_LOGIWHEELS_FF esta habilitado, permite a los atacantes físicamente próximos a provocar una denegación de servicio (escritura fuera de rango en la memoria dinámica) a través de un dispositivo manipulado, relacionado con (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, y (3) drivers/hid/hid-lg4ff.c. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://marc.info/?l=linux-input&m=137772186714627&w=1 http://openwall.com/lists/oss-security/2013/08/28/13 http://rhn.redhat.com/errata/RHSA-2013-1490.html http://www.securityfocus.com/bid/62050 http://www.ubuntu.com/usn/USN-2015-1 http://www.ubuntu.com/usn/USN-2016-1 http://www.ubuntu.com/usn/USN-2019-1 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2013-2892 – Kernel: HID: pantherlord: heap overflow flaw
https://notcve.org/view.php?id=CVE-2013-2892
drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. drivers/hid/hid-pl.c en el subsistema Human Interface Device (HID) del kernel de Linux hasta v3.11, cuando CONFIG_HID_PANTHERLORD está activo, permite a atacantes físicamente próximos causar denegación de servicio (escritura fuera de límites basada en memoria dinámica) a través de un dispositivo manipulado. • http://marc.info/?l=linux-input&m=137772185414625&w=1 http://openwall.com/lists/oss-security/2013/08/28/13 http://rhn.redhat.com/errata/RHSA-2013-1490.html http://rhn.redhat.com/errata/RHSA-2013-1645.html http://www.debian.org/security/2013/dsa-2766 http://www.securityfocus.com/bid/62049 http://www.ubuntu.com/usn/USN-1976-1 http://www.ubuntu.com/usn/USN-1977-1 http://www.ubuntu.com/usn/USN-1995-1 http://www.ubuntu.com/usn/USN-1998-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2013-2898
https://notcve.org/view.php?id=CVE-2013-2898
drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device. drivers/hid/hid-sensor-hub.c en el subsistema Human Interface Device (HID) en el kernel de Linux hasta la v3.11, cuando CONFIG_HID_SENSOR_HUB es activado, permite a atacantes físicamente próximos obtener información sensible de la memoria del núcleo a través de un dispositivo manipulado. • http://marc.info/?l=linux-input&m=137772191114645&w=1 http://openwall.com/lists/oss-security/2013/08/28/13 http://www.ubuntu.com/usn/USN-1995-1 http://www.ubuntu.com/usn/USN-1998-1 • CWE-20: Improper Input Validation •