Linux kernel built with the Human Interface Device(HID) Bus support(CONFIG_HID) along with a driver for Minibox PicoLCD devices support(CONFIG_HID_PICOLCD), is vulnerable to an OOB write flaw. It could occur if a device offers an HID report with arbitrary(>64) data size value. A local user with physical access to the system could use this flaw to crash the system resulting in DoS or potentially, escalate their privileges on the system. Upstream fix: ------------- -> https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 Reference: ---------- -> http://www.openwall.com/lists/oss-security/2014/09/11/22
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1141410]
Statement: This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.
kernel-3.16.2-201.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.16.3-300.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.14.19-100.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
IssueDescription: A buffer overflow flaw was found in the way the Minibox PicoLCD driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html