** Description changed: - Memory write via arbitrary heap array index. This is the most serious, - IMO, as it allows (on 32-bit) access to the entire memory range (the - index is unsigned 32 bit). This is mitigated slightly by the fact that - the starting address is at an "unknown" location on the heap, and that - the value written is an "arbitrary" kernel pointer. Still, this could - almost certainly be turned into full kernel execution given enough - study. + Multiple array index errors in drivers/hid/hid-core.c in the Human + Interface Device (HID) subsystem in the Linux kernel through 3.11 allow + physically proximate attackers to execute arbitrary code or cause a + denial of service (heap memory corruption) via a crafted device that + provides an invalid Report ID. Break-Fix: - 43622021d2e2b82ea03d883926605bdd0525e1d1
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1220185 Title: CVE-2013-2888 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1220185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
