// For flags

CVE-2016-5829

kernel: Heap buffer overflow in hiddev driver

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.

Múltiples desbordamientos de buffer basado en memoria dinámica en la función hiddev_ioctl_usage en drivers/hid/usbhid/hiddev.c en el kernel de Linux hasta la versión 4.6.3 permiten a usuarios locales provocar una denegación de servicio o tener posiblemente otro impacto no especificado a través de una llamada (1) HIDIOCGUSAGES o (2) HIDIOCSUSAGES ioctl manipulada.

A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-06-23 CVE Reserved
  • 2016-06-27 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-122: Heap-based Buffer Overflow
CAPEC
References (32)
URL Tag Source
http://www.openwall.com/lists/oss-security/2016/06/26/2 Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html Third Party Advisory
http://www.securityfocus.com/bid/91450 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93a2001bdfd5376c3dc2158653034c20392d15c5 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html 2023-01-17
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html 2023-01-17
http://rhn.redhat.com/errata/RHSA-2016-2006.html 2023-01-17
http://rhn.redhat.com/errata/RHSA-2016-2574.html 2023-01-17
http://rhn.redhat.com/errata/RHSA-2016-2584.html 2023-01-17
http://www.debian.org/security/2016/dsa-3616 2023-01-17
http://www.ubuntu.com/usn/USN-3070-1 2023-01-17
http://www.ubuntu.com/usn/USN-3070-2 2023-01-17
http://www.ubuntu.com/usn/USN-3070-3 2023-01-17
http://www.ubuntu.com/usn/USN-3070-4 2023-01-17
http://www.ubuntu.com/usn/USN-3071-1 2023-01-17
http://www.ubuntu.com/usn/USN-3071-2 2023-01-17
http://www.ubuntu.com/usn/USN-3072-1 2023-01-17
http://www.ubuntu.com/usn/USN-3072-2 2023-01-17
https://github.com/torvalds/linux/commit/93a2001bdfd5376c3dc2158653034c20392d15c5 2023-01-17
https://access.redhat.com/security/cve/CVE-2016-5829 2016-11-03
https://bugzilla.redhat.com/show_bug.cgi?id=1350509 2016-11-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 3.2.82
Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.82"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.3 < 3.10.103
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.10.103"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.11 < 3.12.62
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.62"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.13 < 3.14.74
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.74"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.15 < 3.16.37
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.16.37"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.17 < 3.18.37
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.37"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.19 < 4.1.28
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.28"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 4.2 < 4.4.16
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.16"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 4.5 < 4.6.5
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.6.5"
-
Affected
Novell
Search vendor "Novell"
 Suse Linux Enterprise Real Time Extension
Search vendor "Novell" for product "Suse Linux Enterprise Real Time Extension"
 12
Search vendor "Novell" for product "Suse Linux Enterprise Real Time Extension" and version "12"
sp1
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
esm
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
esm
Affected