Bug 1000474 - (CVE-2013-2898) CVE-2013-2898 Kernel: HID: sensor-hub: memory leak flaw
CVE-2013-2898 Kernel: HID: sensor-hub: memory leak flaw
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
Blocks: 1000459
  Show dependency treegraph
Reported: 2013-08-23 09:50 EDT by Prasad J Pandit
Modified: 2016-03-04 06:20 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-06-10 04:33:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Prasad J Pandit 2013-08-23 09:50:33 EDT
Linux kernel built with the Human Interface Device bus (CONFIG_HID) along with
the HID Sensors framework support(CONFIG_HID_SENSOR_HUB) is vulnerable to a
memory leakage flaw. It could occur when an HID device sends malicious output
report to the sensor-hub kernel driver.

A local user with physical access to the system could use this flaw to leak
kernel memory bytes.
Comment 1 Prasad J Pandit 2013-08-23 09:53:27 EDT

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.

Note You need to log in before you can comment on or make changes to this bug.