Release date:
Updated on: 2013-08-31
Affected Systems:
Linux kernel 3.x
Linux kernel 2.6.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 62043
CVE (CAN) ID: CVE-2013-2888
Linux Kernel is the Kernel of the Linux operating system.
Linux kernel has the Local Memory Corruption Vulnerability. After successful exploitation, attackers can destroy the memory. The "Report ID" Field of the HID Report is used to build the Report index. The Report index of the kernel is limited to 256 entries. Setting the "Report ID" field to a device greater than 255 triggers memory corruption on the host.
<* Source: Kees Cook (kees@Ubuntu.com)
Link: http://marc.info /? L = linux-input & m = 137772180514608 & w = 1
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Linux Kernel: click here
Linux Kernel: click here
Recommended: the Ubuntu 13.10 (Saucy Salamander) Kernel has been upgraded to Linux Kernel 3.10 RC5