CVE-2009-4067
Publication date 6 October 2011
Last updated 24 July 2024
Ubuntu priority
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.
From the Ubuntu Security Team
It was discovered that the Auerswald usb driver incorrectly handled lengths of the USB string descriptors. A local attacker with physical access could insert a specially crafted USB device and gain root privileges.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | ||
| linux-ec2 | ||
| linux-fsl-imx51 | ||
| linux-lts-backport-maverick | ||
| linux-lts-backport-natty | ||
| linux-mvl-dove | ||
| linux-ti-omap4 | ||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.8 · Medium
|
| Attack vector | Physical |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-1236-1
- Linux kernel vulnerabilities
- 20 October 2011