CVE-2011-0640

Impact:
Moderate
Public Date:
2011-01-19
Bugzilla:
672513: CVE-2011-0640 udev: Arbitrary code execution via crafted USB data, from smartphone connected to the system

The MITRE CVE dictionary describes this issue as:

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.

Find out more about CVE-2011-0640 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

The Red Hat Security Response Team has rated this issue as having no security
impact. We do not plan to take any action regarding this flaw at this time. If additional information becomes available at a future date, we will revisit this issue and act accordingly.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 4.6
Base Metrics AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.