Bug 1000373 (CVE-2013-2899)

Summary: CVE-2013-2899 Kernel: HID: picolcd_core: NULL pointer dereference
Product: [Other] Security Response Reporter: Prasad Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: agordeev, anton, aquini, dhoward, fhrbata, kernel-mgr, lwang, security-response-team, vkrizan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-10 08:38:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1000374, 1002604    
Bug Blocks: 1000368    

Description Prasad Pandit 2013-08-23 10:07:50 UTC
Linux kernel built with the Human Interface Device(CONFIG_HID) support along
with the Minibox PicoLCD devices(CONFIG_HID_PICOLCD) driver is vulnerable to
a NULL pointer dereference flaw. It could occur when the HID device sends
malicious output report to the kernel driver.

A local user with physical access to the system could use this flaw to crash
the kernel resulting in DoS.

Comment 1 Prasad Pandit 2013-08-23 10:10:23 UTC
Statement:

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.

Comment 4 Prasad Pandit 2013-08-29 14:04:35 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1002604]

Comment 5 Fedora Update System 2013-09-13 01:05:25 UTC
kernel-3.10.11-200.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2013-09-16 00:27:14 UTC
kernel-3.10.11-100.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.