Vulnerability Details : CVE-2013-1860
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2013-1860
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1860
0.26%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1860
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2013-1860
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1860
-
http://www.ubuntu.com/usn/USN-1813-1
USN-1813-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c0f5ecee4e741667b2493c742b60b6218d40b3aa
Vendor Advisory
-
http://www.ubuntu.com/usn/USN-1812-1
USN-1812-1: Linux kernel (Quantal HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2013/03/15/3
oss-security - Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by deviceMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-1829-1
USN-1829-1: Linux kernel (EC2) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-1811-1
USN-1811-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://github.com/torvalds/linux/commit/c0f5ecee4e741667b2493c742b60b6218d40b3aa
USB: cdc-wdm: fix buffer overflow · torvalds/linux@c0f5ece · GitHubExploit;Patch;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0328.html
RHSA-2014:0328 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.4
Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
mandriva.comBroken Link
-
http://www.ubuntu.com/usn/USN-1814-1
USN-1814-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=921970
921970 – (CVE-2013-1860) CVE-2013-1860 kernel: usb: cdc-wdm buffer overflow triggered by deviceIssue Tracking;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0339.html
RHSA-2014:0339 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/58510
Linux Kernel 'cdc-wdm' USB Device Driver Heap Based Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-1809-1
USN-1809-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to