CVE-2013-2899

Description

drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.

References

Link	Tags
http://www.ubuntu.com/usn/USN-2024-1	vendor advisory
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.73
http://www.ubuntu.com/usn/USN-2039-1	vendor advisory
http://marc.info/?l=linux-input&m=137772191714649&w=1	mailing list
http://www.ubuntu.com/usn/USN-2022-1	vendor advisory
http://openwall.com/lists/oss-security/2013/08/28/13	mailing list
http://www.ubuntu.com/usn/USN-1995-1	vendor advisory
http://www.ubuntu.com/usn/USN-2038-1	vendor advisory
http://www.ubuntu.com/usn/USN-2021-1	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html	vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html	vendor advisory
http://www.ubuntu.com/usn/USN-2019-1	vendor advisory
http://www.ubuntu.com/usn/USN-1998-1	vendor advisory
http://www.ubuntu.com/usn/USN-2050-1	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2013-2899?: CVE-2013-2899 has been scored as a medium severity vulnerability.
How to fix CVE-2013-2899?: To fix CVE-2013-2899, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2013-2899 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2013-2899 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions