Ubuntu

CVE-2013-2888

Reported by John Johansen on 2013-09-03
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-armadaxp (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-ec2 (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-fsl-imx51 (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-backport-maverick (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-lts-backport-natty (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Unassigned
Saucy
Undecided
Unassigned
Trusty
Undecided
Unassigned
linux-lts-quantal (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-raring (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-lts-saucy (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-mvl-dove (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned
linux-ti-omap4 (Ubuntu)
Status tracked in Trusty
Lucid
Medium
Unassigned
Precise
Medium
Unassigned
Quantal
Medium
Unassigned
Raring
Medium
Unassigned
Saucy
Medium
Unassigned
Trusty
Medium
Unassigned

Bug Description

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.

Break-Fix: - 43622021d2e2b82ea03d883926605bdd0525e1d1

CVE References

John Johansen (jjohansen) wrote :

CVE-2013-2888

tags: added: kernel-cve-tracking-bug
information type: Public → Public Security
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Saucy):
status: New → Invalid
Changed in linux-armadaxp (Ubuntu Raring):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Saucy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Quantal):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Raring):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Saucy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Quantal):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Raring):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Raring):
status: New → Invalid
description: updated
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-armadaxp (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ec2 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-quantal (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-mvl-dove (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-ti-omap4 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-fsl-imx51 (Ubuntu Raring):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Lucid):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Saucy):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Quantal):
importance: Undecided → Medium
Changed in linux-lts-raring (Ubuntu Raring):
importance: Undecided → Medium
description: updated
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
description: updated
Changed in linux (Ubuntu Saucy):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.32-52.114

---------------
linux (2.6.32-52.114) lucid; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1223984

  [ Upstream Kernel Changes ]

  * HID: pantherlord: validate output report details
    - LP: #1220196
    - CVE-2013-2892
  * HID: validate HID report id size
    - LP: #1220185
    - CVE-2013-2888
  * ipv6: remove max_addresses check from ipv6_create_tempaddr
    - LP: #1143800
    - CVE-2013-0343
 -- Tim Gardner <email address hidden> Tue, 10 Sep 2013 13:16:02 -0600

Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ec2 - 2.6.32-357.70

---------------
linux-ec2 (2.6.32-357.70) lucid-proposed; urgency=low

  [ Stefan Bader ]

  * Rebased to Ubuntu-2.6.32-52.114
  * Release Tracking Bug
    - LP: #1224214

  [ Ubuntu: 2.6.32-52.114 ]

  * HID: pantherlord: validate output report details
    - LP: #1220196
    - CVE-2013-2892
  * HID: validate HID report id size
    - LP: #1220185
    - CVE-2013-2888
  * ipv6: remove max_addresses check from ipv6_create_tempaddr
    - LP: #1143800
    - CVE-2013-0343
 -- Stefan Bader <email address hidden> Thu, 12 Sep 2013 11:48:17 +0200

Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux (Ubuntu Raring):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Saucy):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Raring):
status: New → Fix Committed
Changed in linux-lts-raring (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Quantal):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Raring):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Raring):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Saucy):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu Trusty):
status: New → Won't Fix
Changed in linux-lts-backport-maverick (Ubuntu):
status: New → Won't Fix
Changed in linux-lts-backport-natty (Ubuntu):
status: New → Won't Fix
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-lts-quantal (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-lts-saucy (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Saucy):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Trusty):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Quantal):
status: New → Invalid
importance: Undecided → Medium
Changed in linux-lts-saucy (Ubuntu Raring):
status: New → Invalid
importance: Undecided → Medium
Changed in linux (Ubuntu Precise):
status: New → Fix Committed
Changed in linux (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Raring):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Trusty):
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers