Описание
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
An out-of-bounds read flaw was found in the way the Logitech Unifying receiver driver handled HID reports with an invalid device_index value. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Отчет
This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2014:1971 | 09.12.2014 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2014:1318 | 29.09.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.2 Medium
CVSS2
Связанные уязвимости
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
Array index error in the logi_dj_raw_event function in drivers/hid/hid ...
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
ELSA-2014-3103: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS
6.2 Medium
CVSS2