2013-09-16 15:01:24 2014-01-04 05:47:06

Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.

Vector: LOCAL
Complexity: HIGH
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

HP Insight Management Wbem Providers 2.8.0.0 HP Insight Diagnostics 6.5.0 (A) Offline Edition HP Ignite-UX B.4.0 HP Insight Diagnostics 6.4.1 (A) Offline Edition HP Insight Control Performance Management 6.2 HP Ignite-UX B.3.8 HP Ignite-UX B.4.2 HP Ignite-UX B.4.1 HP Insight Control Performance Management 5.2.2 HP Ignite-UX B.4.4 HP Insight Diagnostics 7.5.5-1 Online Edition for Linux HP Insight Diagnostics 7.6.2 Rev. A Offline Edition HP Insight Diagnostics 7.0.0-30 Online Edition for Linux HP Ignite-UX B.4.3 HP Insight Diagnostics 7.5.5-1 Online Edition for Linux HP Insight Diagnostics 7.6.1 Offline Edition HP Insight Diagnostics 6.4.1 (A) Offline Edition HP Insight Control Performance Management 6.1 HP Insight Diagnostics 7.7.0-142 Online Edition for Linux HP Insight Control Performance Management 6.0 HP Ignite-UX B.5.0 HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows 2000 HP Insight Diagnostics 7.7.0 Offline Edition HP Insight Management Suite HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.7.0.2112 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows 2000 HP Insight Diagnostics 7.7.0.2112 Online Edition for Windows Server 2003 HP Insight Diagnostics 6.5.0 (A) Offline Edition HP Insight Diagnostics 7.7.0 Rev. 
B Offline Edition HP Insight Diagnostics 7.0.0-30 Online Edition for Linux HP Insight Diagnostics 7.5.4 Offline Edition HP Insight Control Server Deployment HP Insight Management Agents 8.70.0.0 HP Insight Management Agents 8.70.0.0 (B) HP Insight Management Agents 9.0.0.0 HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows 2003 x64 HP Insight Management Wbem Providers 2.2.1.0 HP Insight Management Wbem Providers 2.3.0.0 HP Insight Management Wbem Providers 2.4.0.0 Linux Linux kernel 3.10.9 (not an official CPE) Linux Linux kernel 3.10.8 (not an official CPE) Linux Linux kernel 3.10.7 (not an official CPE) Linux Linux kernel 3.10.6 (not an official CPE) Linux Linux kernel 3.10.5 (not an official CPE) Linux Linux kernel 3.10.4 (not an official CPE) HP Insight Management Agent 7.70.0.0 HP Insight Management Agents 7.70.0.0 HP Insight Management Agents 7.80.0.0 HP Insight Management Agents 7.51.0.0 HP Insight Management Agents 7.60.0.0 HP Insight Management Agents 7.41.0.0 HP Insight Management Agents 7.95.0.0 HP Insight Management Agents 7.50.0.0 HP Insight Management Agent 7.80.0.0 HP Insight Management Agent 7.90.0.0 HP Insight Management Agents 7.90.0.0 HP Insight Management Agents 7.91.0.0 HP Insight Diagnostics 7.5.4 Offline Edition HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows 2000 HP Insight Control Performance Management 5.2 HP Insight Diagnostics 6.3.1.887 Offline Edition HP Insight Management Agents 7.30.0.0 HP Insight Management Agent 8.26.0.0 HP Insight Management Agent 8.70.0.0 HP Insight Management Agents 6.30.0.0 HP Insight Management Agents 7.0.0.0 HP Insight Management Agents 7.10.0.0 HP Insight Management Agents 6.31.0.0 (B) HP Insight Management Agents 6.40.0.0 HP Insight Management Agents 7.20.0.0 IMC Branch Intelligent Management System Software Module 5.0 HP Imaging Device Functions 10.0 HP Ignite-UX C.7.7.93 HP Ignite-UX C.7.11.439 HP Insight Management Wbem Providers 2.7.0.0 HP Ignite-UX C.6.6 HP Ignite-UX B.5.1 HP 
Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2003 x64 HP Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2003 HP Ignite-UX C.6.2.241 HP Ignite-UX C.6.3 HP Ignite-UX B.5.3 HP Ignite-UX B.5.2 HP Insight Management Agent 8.50.0.0 HP Ignite-UX C.6.2 HP Insight Management Agent 8.40.0.0 HP Ignite-UX C.6.10 HP Ignite-UX C.6.1 HP Ignite-UX B.5.4 HP Insight Diagnostics 7.5.0-14 Online Edition for Linux HP Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2000 HP Insight Diagnostics 7.0.0.1198 Online Edition for Windows 2000 HP Insight Diagnostics 7.3.0 Offline Edition HP iNode Management Center PC 5.1 HP iNode Management Center PC 5.1 E0304 HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows 2003 x64 HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows 2000 HP Insight Diagnostics 7.4.0-11 Online Edition for Linux HP Insight Diagnostics 7.4.0-11 Online Edition for Linux HP Insight Diagnostics 7.4.1 Offline Edition HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows Server 2003 HP Insight Diagnostics 6.3.0.878 Online Edition for Windows 2000 HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows 2000 HP Insight Diagnostics 6.3.0.878 Online Edition for Windows 2003 HP Insight Diagnostics 7.4.0.1570 Online Edition for Windows Server 2003 HP Insight Management Agents 7.40.1.0 HP Insight Diagnostics 7.4.0 Linux Linux kernel 3.10.11 (not an official CPE) Linux Linux kernel 3.10.12 (not an official CPE) Linux Linux kernel 3.10.10 (not an official CPE) HP Insight Control Performance Management 5.0 HP Insight Diagnostics 7.4.1 Offline Edition HP Insight Diagnostics 7.5.0-14 Online Edition for Linux HP Insight Management Agents 7.40.0.0 IMC Branch Intelligent Management System Software Module 5.1 IMC Branch Intelligent Management System Software Module 5.2 IMC Branch Intelligent Management System Software Module 7.0 IMC Branch Intelligent Management System Software Module 7.0 E0201P02 HP iMC Service Operation Management 
Software module HP Info Center HP Inkjet 2250 TN HP iNode Management Center PC 5.0 HP iNode Management Center PC 5.0 E0101 HP Insight Diagnostics 7.9.1.2401 Online Edition for Windows Server 2003 HP Insight Management Agents 8.60.0.0 HP Insight Diagnostics 7.9.1-15 Online Edition for Linux HP Insight Diagnostics 7.9.1.2401 Online Edition for Windows Server 2003 HP Insight Management Agents 8.50.0.0 HP Insight Management Agents 8.5 HP Insight Diagnostics 7.9.1.2401 Online Edition for Windows Server 2003 x64 HP Insight Diagnostics 9.4.0.4710 HP Insight Diagnostics 7.9.1.2401 Online Edition for Windows Server 2003 x64 HP Insight Diagnostics Online Edition For Windows 7.4.0 HP Insight Management Agents 8.20.0.0 HP Insight Management Agents 8.0.0.0 HP Insight Management Agents 8.40.0.0 HP Insight Diagnostics 7.9.0.2359 Online Edition for Windows Server 2003 x64 HP Insight Management Agents 8.30.0.0 HP Insight Management Agents 8.26.0.0 HP Insight Diagnostics 7.9.0 Rev. A Offline Edition HP Insight Management Agents 8.22.0.0 HP Insight Diagnostics 7.9.0 Rev. 
A Offline Edition HP Insight Diagnostics 7.6.0-23 Online Edition for Linux HP Insight Diagnostics 7.6.0-23 Online Edition for Linux HP Insight Diagnostics 7.5.5.1681 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.6.0 Offline Edition HP Insight Diagnostics 7.6.0 Offline Edition HP Insight Diagnostics Online Edition For Windows 8.1.1 HP Insight Diagnostics Online Edition For Windows 8.0.0 HP Insight Diagnostics Online Edition For Windows 7.8.0 HP Ignite-UX C.7.2 HP Ignite-UX C.7.11.444 HP Ignite-UX C.7.3.144 HP Ignite-UX C.7.2.93 HP Ignite-UX C.7.4.155 HP Ignite-UX C.7.3.148 HP Ignite-UX C.7.5 HP Ignite-UX C.7.4.157 HP Ignite-UX C.7.6.100 HP Ignite-UX C.7.6.98 HP Ignite-UX C.7.10.474 HP Ignite-UX C.6.9.141 HP Ignite-UX C.6.8 HP Ignite-UX C.6.7 HP Insight Management Agents 8.15.0.0 HP Insight Management Agents 8.11.0.0 HP Ignite-UX C.7.1 HP Insight Management Agents 8.10.0.0 HP Ignite-UX C.7.0.212 HP Insight Management Agents 8.1.0.0 HP Ignite-UX C.7.0 HP Ignite-UX C.6.9.150 HP Ignite-UX C.6.4 HP Ignite-UX C.6.5 HP Ignite-UX C.7.1.92 HP Ignite-UX C.7.10.472 HP Insight Management Agent 8.15.0.0 HP Insight Management Agent 8.20.0.0 HP Insight Management Agent 8.0.0.0 HP Insight Management Agent 8.11.0.0 HP Insight Diagnostics 7.8.0.2257 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.8.0-159 Online Edition for Linux HP Insight Diagnostics 7.8.0.2257 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.8.0.2257 Online Edition for Windows Server 2003 x64 HP Insight Diagnostics Online Edition For Windows 8.4.0 HP Insight Diagnostics 7.9.0 HP Insight Diagnostics Online Edition For Windows 8.2.5 HP Insight Diagnostics 7.8.0.2257 Online Edition for Windows Server 2003 x64 HP Insight Diagnostics Online Edition For Windows 8.6.0 HP Insight Diagnostics 7.9.0 Offline Edition HP Insight Diagnostics Online Edition For Windows 8.5.0 HP Insight Diagnostics 7.9.0 Offline Edition HP Insight Diagnostics 7.9.0.2359 Online Edition for Windows 
Server 2003 HP Insight Diagnostics Online Edition For Windows 8.7.0 HP Insight Diagnostics 7.9.0-105 Online Edition for Linux HP Insight Diagnostics 7.3.0 Offline Edition HP Insight Diagnostics 7.0.2 (A) Offline Edition HP Insight Diagnostics 6.3.0.878 Online Edition for Windows 2000 HP Insight Diagnostics 6.3.1-1 Online Edition for Linux HP Insight Diagnostics 6.3.1-1 Online Edition for Linux HP Insight Diagnostics 7.0.1.1219 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.0.2 (A) Offline Edition HP Insight Diagnostics 7.0.1.1219 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.0.1.1219 Online Edition for Windows 2000 HP Insight Diagnostics 7.0.1-8 Online Edition for Linux HP Insight Diagnostics 7.0.1.1219 Online Edition for Windows 2000 HP Insight Diagnostics 7.0.0.1198 Online Edition for Windows 2000 HP Insight Diagnostics 7.0.1-8 Online Edition for Linux HP Insight Diagnostics 7.9.0.2359 Online Edition for Windows Server 2003 x64 HP Insight Diagnostics 7.7.101 (2097) Offline Edition HP Insight Management Agent 8.60.0.0 HP Insight Management Agent 8.30.0.0 HP Insight Diagnostics Online Edition For Windows 7.6.0 HP Insight Diagnostics Online Edition For Windows 8.1.5 HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows Server 2003 HP Insight Diagnostics 7.5.2 Offline Edition HP Insight Diagnostics 7.5.0.1679 Online Edition for Windows 2000 HP Insight Diagnostics 7.5.2 Offline Edition HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows 2000 HP Insight Diagnostics 7.6.0.1984 Online Edition for Windows 2003 x64 HP Imaging Device Functions 11.6 HP Imaging Device Functions 12.0 HP Insight Diagnostics 6.0.0 (A) Offline Edition HP Imaging Device Functions 7.0 HP Insight Diagnostics 6.0.0 (A) Offline Edition HP Imaging Device Functions 8.0 HP Insight Diagnostics 6.2.1 (A) Offline Edition HP Imaging Device Functions 9.0 HP Insight Diagnostics 6.2.1 (A) Offline Edition IMC Branch Intelligent Management System Software Module 
HP Imaging Device Functions 13.0 HP Imaging Device Functions 14.0 HP Insight Control Performance Management 6.3 HP Imaging Device Functions 5.3 HP Imaging Device Functions 6.0 HP Insight Diagnostics 6.3.0-15 Online Edition for Linux Linux Linux kernel 3.11 (not an official CPE) HP Insight Diagnostics 6.3.0-15 Online Edition for Linux HP Ignite-UX C.7.7.98 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.5.0.0 (x64) 64-bit HP Insight Management Wbem Providers For Windows Server 2003/2008 2.5.0.0 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.4.0.0 (x64) 64-bit HP Insight Management Wbem Providers For Windows Server 2003/2008 2.4.0.0 HP Image Zone 5.3 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.3.0.0 (x64) 64-bit HP Image Zone Express 1.5.1.29 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.3.0.0 HP Image Zone 4.5 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.2.1.0 (x64) 64-bit HP Image Zone 4.7 HP Insight Management Wbem Providers For Windows Server 2003/2008 2.2.1.0 HP Ignite-UX C.7.9.260 HP Insight Management Wbem Providers 2.6.0.0 HP Ignite-UX C.7.9.261 HP Insight Management Wbem Providers 2.5.0.0 HP Ignite-UX C.7.8 HP Ignite-UX C.7.9.254 HP Imaging Barcode Scanner BW868AA

Improper Input Validation (ID 20)

Related CAPEC 58

Buffer Overflow via Environment Variables (CAPEC-ID 10)
Server Side Include (SSI) Injection (CAPEC-ID 101)
Cross Zone Scripting (CAPEC-ID 104)
Cross Site Scripting through Log Files (CAPEC-ID 106)
Command Line Execution through SQL Injection (CAPEC-ID 108)
Object Relational Mapping Injection (CAPEC-ID 109)
SQL Injection through SOAP Parameter Tampering (CAPEC-ID 110)
Subverting Environment Variable Values (CAPEC-ID 13)
Format String Injection (CAPEC-ID 135)
LDAP Injection (CAPEC-ID 136)
Relative Path Traversal (CAPEC-ID 139)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Variable Manipulation (CAPEC-ID 171)
Embedding Scripts in Non-Script Elements (CAPEC-ID 18)
Flash Injection (CAPEC-ID 182)
Cross-Site Scripting Using Alternate Syntax (CAPEC-ID 199)
Exploiting Trust in Client (aka Make the Client Invisible) (CAPEC-ID 22)
XML Nested Payloads (CAPEC-ID 230)
XML Oversized Payloads (CAPEC-ID 231)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
Cross-Site Scripting via Encoded URI Schemes (CAPEC-ID 244)
XML Injection (CAPEC-ID 250)
Environment Variable Manipulation (CAPEC-ID 264)
Global variable manipulation (CAPEC-ID 265)
Leverage Alternate Encoding (CAPEC-ID 267)
Fuzzing (CAPEC-ID 28)
Using Leading 'Ghost' Character Sequences to Bypass Input Filters (CAPEC-ID 3)
Accessing/Intercepting/Modifying HTTP Cookies (CAPEC-ID 31)
Embedding Scripts in HTTP Query Strings (CAPEC-ID 32)
MIME Conversion (CAPEC-ID 42)
Exploiting Multiple Input Interpretation Layers (CAPEC-ID 43)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Signature Spoof (CAPEC-ID 473)
XML Client-Side Attack (CAPEC-ID 484)
Embedding NULL Bytes (CAPEC-ID 52)
Postfix, Null Terminate, and Backslash (CAPEC-ID 53)
Simple Script Injection (CAPEC-ID 63)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
SQL Injection (CAPEC-ID 66)
String Format Overflow in syslog() (CAPEC-ID 67)
Blind SQL Injection (CAPEC-ID 7)
Using Unicode Encoding to Bypass Validation Logic (CAPEC-ID 71)
URL Encoding (CAPEC-ID 72)
User-Controlled Filename (CAPEC-ID 73)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)
Buffer Overflow in an API Call (CAPEC-ID 8)
Using UTF-8 Encoding to Bypass Validation Logic (CAPEC-ID 80)
Web Logs Tampering (CAPEC-ID 81)
XPath Injection (CAPEC-ID 83)
AJAX Fingerprinting (CAPEC-ID 85)
Embedding Script (XSS) in HTTP Headers (CAPEC-ID 86)
OS Command Injection (CAPEC-ID 88)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)
XSS in IMG Tags (CAPEC-ID 91)
XML Parser Attack (CAPEC-ID 99)