| Summary: | Kernel : HID security flaws (CVE-2013-{2888,2889,2890,2891,2892,2893,2894,2895,2896,2897,2898,2899}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | kernel |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2013/08/28/13 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-08-29 09:11:01 UTC
Tried to apply to 3.8.13 and 3.10.7; from the looks of it, seems they need to be backported to apply. They are probably written to target 3.11. I'll wait a small bit for upstream to backport these unless someone is willing to rewrite the patches. If not, I might backport these as I am working on a merge workflow to more easily rewrite patches (for the upcoming experimental patches).

CVE-2013-2899 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2899): drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.

CVE-2013-2898 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2898): drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.

CVE-2013-2897 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2897): Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device.

CVE-2013-2896 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2896): drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.

CVE-2013-2895 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2895): drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device.

CVE-2013-2894 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2894): drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

CVE-2013-2893 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2893): The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.

CVE-2013-2892 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2892): drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

CVE-2013-2891 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2891): drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

CVE-2013-2890 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2890): drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

CVE-2013-2889 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2889): drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

CVE-2013-2888 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2888): Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.

Now that this is revised in stable queue I have managed to apply these; 2890 has been covered by the revised patch for 2888, 2893 I couldn't find and 2897 a revised patch was made because the original has shown to be problematic @ Fedora. We can be glad to have not backported some of these earlier... Will be part of 3.10.7-r1 and new version bumps.

Looks like these were merged as 22e04f6b4b04a8afe9af9239224591d06ba3b24d, in 3.12.
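
The CVE-2013-2888 entry above turns on a Report ID that the device supplies and the host then uses as an array index. The following is an added example, not code from this bug report or from the kernel: a simplified user-space model of the range check that has to run before a Report ID indexes a per-ID table. `MODEL_MAX_IDS`, `struct model_table` and both function names are hypothetical, and the item bytes are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_MAX_IDS  256   /* assumption: one table slot per 8-bit Report ID */
#define ITEM_REPORT_ID 0x84  /* HID global item, tag "Report ID", size bits clear */

struct model_table { unsigned char in_use[MODEL_MAX_IDS]; };

/* Decode the little-endian data of one HID short item.
 * The low two bits of the prefix byte select 0, 1, 2 or 4 data bytes.
 * Returns 0 if the buffer is shorter than the item claims. */
static int model_item_udata(const uint8_t *item, size_t len, uint32_t *val)
{
    static const size_t sizes[4] = { 0, 1, 2, 4 };
    size_t n = sizes[item[0] & 0x03];

    if (len < 1 + n)
        return 0;
    *val = 0;
    for (size_t i = 0; i < n; i++)
        *val |= (uint32_t)item[1 + i] << (8 * i);
    return 1;
}

/* Returns the registered Report ID, or -1 if the item is rejected. */
int model_register_report_id(struct model_table *t, const uint8_t *item, size_t len)
{
    uint32_t id;

    if (len == 0 || (item[0] & 0xFC) != ITEM_REPORT_ID)
        return -1;
    if (!model_item_udata(item, len, &id))
        return -1;
    /* The device picks the item size, so id can be up to 32 bits wide.
     * Validate it against the table size before it is used as an index. */
    if (id == 0 || id >= MODEL_MAX_IDS)
        return -1;
    t->in_use[id] = 1;
    return (int)id;
}

int main(void)
{
    struct model_table t = { { 0 } };
    const uint8_t ok[]   = { 0x85, 0x07 };                   /* constructed: 1-byte ID 7 */
    const uint8_t wide[] = { 0x87, 0x00, 0x01, 0x00, 0x00 }; /* constructed: 4-byte ID 256 */

    printf("ok   -> %d\n", model_register_report_id(&t, ok, sizeof ok));
    printf("wide -> %d\n", model_register_report_id(&t, wide, sizeof wide));
    return 0;
}
```
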