Heap-based Out-of-Bounds Write Vulnerability in Linux Kernel HID Subsystem

Heap-based Out-of-Bounds Write Vulnerability in Linux Kernel HID Subsystem

CVE-2013-2893 · MEDIUM Severity

AV:L/AC:M/AU:N/C:N/I:N/A:C

The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.