CVE Vulnerabilities

CVE-2011-0640

Published: Jan 25, 2011 | Modified: Jun 03, 2022
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.9 MEDIUM (AV:L/AC:M/Au:N/C:C/I:C/A:C)
RedHat/V2: 4.6 MODERATE (AV:L/AC:L/Au:N/C:P/I:P/A:P)
RedHat/V3:
Ubuntu: LOW

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

Affected Software

Name   Vendor         Start Version     End Version
Udev   Udev_project   - (including)     - (including)
Udev   Ubuntu         dapper            *
Udev   Ubuntu         hardy             *
Udev   Ubuntu         karmic            *
Udev   Ubuntu         lucid             *
Udev   Ubuntu         maverick          *
Udev   Ubuntu         natty             *
Udev   Ubuntu         oneiric           *
Udev   Ubuntu         precise           *
Udev   Ubuntu         precise/esm       *
Udev   Ubuntu         quantal           *
Udev   Ubuntu         raring            *
