Bug 1000451 (CVE-2013-2888) - CVE-2013-2888 Kernel: HID: memory corruption flaw
Summary: CVE-2013-2888 Kernel: HID: memory corruption flaw
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-2888
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1000452 1000453 1000454 1000456 1000457 1002543 1032996 1032999
Blocks: 1000448
TreeView+ depends on / blocked
 
Reported: 2013-08-23 13:23 UTC by Prasad Pandit
Modified: 2021-02-17 07:23 UTC (History)
20 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-09 12:36:12 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:1490 0 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2013-10-31 20:23:39 UTC
Red Hat Product Errata RHSA-2013:1527 0 normal SHIPPED_LIVE Important: rhev-hypervisor6 security and bug fix update 2013-11-21 09:47:11 UTC
Red Hat Product Errata RHSA-2013:1645 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 6 kernel update 2013-11-20 22:04:18 UTC
Red Hat Product Errata RHSA-2014:0433 0 normal SHIPPED_LIVE Moderate: kernel security, bug fix, and enhancement update 2014-04-24 21:36:04 UTC

Description Prasad Pandit 2013-08-23 13:23:47 UTC
Linux kernel built with the Human Interface Device bus (CONFIG_HID) or USB Human
Interface Device(CONFIG_USB_HID) support is vulnerable to a memory corruption flaw. It could occur if an HID device sends malicious HID report with the Report_ID of greater than 255.

A local user with physical access to the system could use this flaw to crash
the system resulting in DoS or, potentially, escalate their privileges on the system.

Upstream fix:
-------------
 -> https://git.kernel.org/linus/43622021d2e2b82ea03d883926605bdd0525e1d1

Comment 1 Prasad Pandit 2013-08-23 13:26:54 UTC
Statement:

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.

Note: user would need physical access to the system to exploit this issue.

Comment 5 Prasad Pandit 2013-08-29 12:26:56 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1002543]

Comment 6 Fedora Update System 2013-09-13 01:03:31 UTC
kernel-3.10.11-200.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2013-09-16 00:25:22 UTC
kernel-3.10.11-100.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 errata-xmlrpc 2013-10-31 16:27:55 UTC
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2013:1490 https://rhn.redhat.com/errata/RHSA-2013-1490.html

Comment 11 errata-xmlrpc 2013-11-21 20:00:15 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1645 https://rhn.redhat.com/errata/RHSA-2013-1645.html

Comment 12 errata-xmlrpc 2013-11-22 00:37:15 UTC
This issue has been addressed in following products:

  RHEV-H and Agents for RHEL-6

Via RHSA-2013:1527 https://rhn.redhat.com/errata/RHSA-2013-1527.html

Comment 13 errata-xmlrpc 2014-04-24 17:40:21 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2014:0433 https://rhn.redhat.com/errata/RHSA-2014-0433.html


Note You need to log in before you can comment on or make changes to this bug.