Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2011-0640

Published: Jan 25, 2011 | Modified: Jun 03, 2022
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
4.6 MODERATE
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2011-0640
CWEhttps://cwe.mitre.org/data/definitions/.html

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

Affected Software

Name Vendor Start Version End Version
Udev Udev_project - (including) - (including)
Udev Ubuntu dapper *
Udev Ubuntu hardy *
Udev Ubuntu karmic *
Udev Ubuntu lucid *
Udev Ubuntu maverick *
Udev Ubuntu natty *
Udev Ubuntu oneiric *
Udev Ubuntu precise *
Udev Ubuntu precise/esm *
Udev Ubuntu quantal *
Udev Ubuntu raring *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use