Closed mend-for-github-com[bot] closed 1 year ago
:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #71
Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-roccat.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-roccat.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-roccat.c
Vulnerabilities
Details
CVE-2022-3565
### Vulnerable Libraries - asuswrt-merlin380.70, asuswrt-merlin380.70
### Vulnerability Details
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.
Publish Date: 2022-10-17
URL: CVE-2022-3565
### CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2022-3565
Release Date: 2022-10-17
Fix Resolution: v4.9.331,v4.14.296,v4.19.262,v5.4.220,v5.10.150,v5.15.75,v6.0.3
CVE-2018-9516
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-debug.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-debug.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-debug.c
### Vulnerability Details
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.
Publish Date: 2018-11-06
URL: CVE-2018-9516
### CVSS 3 Score Details (7.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://source.android.com/security/bulletin/pixel/2018-09-01
Release Date: 2018-11-06
Fix Resolution: v4.18-rc5
CVE-2013-2890
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-sony.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-sony.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-sony.c
### Vulnerability Details
drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
Publish Date: 2013-09-16
URL: CVE-2013-2890
### CVSS 3 Score Details (7.4)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2890
Release Date: 2013-09-16
Fix Resolution: v3.12-rc2
CVE-2014-3215
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (1)
### Vulnerability Details
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.
Publish Date: 2014-05-08
URL: CVE-2014-3215
### CVSS 3 Score Details (7.4)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-3215
Release Date: 2014-05-08
Fix Resolution: kernel-doc - 2.6.32-504.16.2;kernel-abi-whitelists - 2.6.32-504.16.2;perf - 2.6.32-504.16.2,2.6.32-504.16.2;kernel-debuginfo - 2.6.32-504.16.2,2.6.32-504.16.2;kernel-debug-devel - 2.6.32-504.16.2,2.6.32-504.16.2;libcap-ng-devel - 0.7.5-4,0.7.5-4,0.7.5-4,0.7.5-4;perf-debuginfo - 2.6.32-504.16.2,2.6.32-504.16.2;libcap-ng-python - 0.7.5-4,0.7.5-4;libcap-ng - 0.7.5-4,0.7.5-4,0.7.5-4,0.7.5-4,0.7.5-4;kernel-debug-debuginfo - 2.6.32-504.16.2,2.6.32-504.16.2;libcap-ng-utils - 0.7.5-4,0.7.5-4;kernel-debug - 2.6.32-504.16.2,2.6.32-504.16.2;kernel-devel - 2.6.32-504.16.2,2.6.32-504.16.2;kernel-firmware - 2.6.32-504.16.2;kernel - 2.6.32-504.16.2,2.6.32-504.16.2,2.6.32-504.16.2,2.6.32-504.16.2;libcap-ng-debuginfo - 0.7.5-4,0.7.5-4;python-perf - 2.6.32-504.16.2,2.6.32-504.16.2;kernel-debuginfo-common-i686 - 2.6.32-504.16.2;python-perf-debuginfo - 2.6.32-504.16.2,2.6.32-504.16.2;kernel-headers - 2.6.32-504.16.2,2.6.32-504.16.2;kernel-debuginfo-common-x86_64 - 2.6.32-504.16.2
CVE-2014-3181
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-magicmouse.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-magicmouse.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-magicmouse.c
### Vulnerability Details
Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.
Publish Date: 2014-09-28
URL: CVE-2014-3181
### CVSS 3 Score Details (7.4)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3181
Release Date: 2014-09-28
Fix Resolution: v3.17-rc3
CVE-2017-7533
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (1)
### Vulnerability Details
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
Publish Date: 2017-08-05
URL: CVE-2017-7533
### CVSS 3 Score Details (7.0)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-7533
Release Date: 2017-08-05
Fix Resolution: kernel-headers - 3.10.0-327.61.3;kernel-rt-trace-devel - 3.10.0-693.2.1.rt56.620;kernel-rt-debug-kvm - 3.10.0-693.2.1.rt56.620;kernel-bootwrapper - 3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-514.32.2;perf - 3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-327.61.3,3.10.0-327.61.3,3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-514.32.2;kernel-debuginfo - 3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-514.32.2;kernel-debug-devel - 3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-327.61.3,3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-514.32.2;kernel-tools-libs - 3.10.0-514.32.2,3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-693.1.1,3.10.0-327.61.3,3.10.0-514.32.2,3.10.0-327.61.3,3.10.0-514.32.2,3.10.0-693.1.1;perf-debuginfo - 3.10.0-327.61.3,3.10.0-514.32.2,3.10.0-693.1.1;kernel-debug-debuginfo - 3.10.0-693.1.1,3.10.0-327.61.3,3.10.0-514.32.2;kernel-debug - 3.10.0-514.32.2,3.10.0-327.61.3,3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-327.61.3;kernel-devel - 3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-514.32.2,3.10.0-327.61.3,3.10.0-327.61.3,3.10.0-514.32.2,3.10.0-693.1.1;kernel - 3.10.0-327.61.3,3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-514.32.2,3.10.0-327.61.3;kernel-rt-debug-devel - 3.10.0-693.2.1.rt56.620;python-perf - 3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-327.61.3,3.10.0-514.32.2,3.10.0-327.61.3;kernel-rt-debug - 3.10.0-693.2.1.rt56.620;kernel-rt-devel - 3.10.0-693.2.1.rt56.620;kernel-tools - 3.10.0-327.61.3,3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-693.1.1,3.10.0-327.61.3,3.10.0-514.32.2,3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-327.61.3;kernel-rt-trace-kvm - 3.10.0-693.2.1.rt56.620;kernel-tools-libs-devel - 
3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-327.61.3,3.10.0-327.61.3,3.10.0-693.1.1,3.10.0-693.1.1,3.10.0-327.61.3,3.10.0-514.32.2;kernel-tools-debuginfo - 3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-327.61.3;kernel-rt-kvm - 3.10.0-693.2.1.rt56.620;python-perf-debuginfo - 3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-327.61.3;kernel-headers - 3.10.0-693.1.1,3.10.0-693.1.1,3.10.0-327.61.3,3.10.0-514.32.2,3.10.0-327.61.3,3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-514.32.2;kernel-rt-trace - 3.10.0-693.2.1.rt56.620;kernel-debuginfo-common-x86_64 - 3.10.0-693.1.1,3.10.0-514.32.2,3.10.0-327.61.3;kernel-rt - 3.10.0-693.2.1.rt56.620,3.10.0-693.2.1.rt56.620;kernel-doc - 3.10.0-514.32.2,3.10.0-693.1.1,3.10.0-327.61.3;kernel-abi-whitelists - 3.10.0-693.1.1,3.10.0-327.61.3,3.10.0-514.32.2
CVE-2022-21499
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (1)
### Vulnerability Details
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Publish Date: 2022-06-09
URL: CVE-2022-21499
### CVSS 3 Score Details (6.7)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: High
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2022-21499
Release Date: 2022-06-09
Fix Resolution: v5.4.197,v5.10.119,v5.15.42,v5.17.10,v5.18.1,v5.19-rc1
CVE-2020-0431
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-input.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-input.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-input.c
### Vulnerability Details
In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144161459
Publish Date: 2020-09-17
URL: CVE-2020-0431
### CVSS 3 Score Details (6.7)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: High
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2020-0431
Release Date: 2020-09-17
Fix Resolution: v3.16.83,4.4.210,v4.9.210,v4.14.165,v4.19.96,v5.4.12
CVE-2017-7273
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (1)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-cypress.c
### Vulnerability Details
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.
Publish Date: 2017-03-27
URL: CVE-2017-7273
### CVSS 3 Score Details (6.6)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Physical
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-7273
Release Date: 2017-03-27
Fix Resolution: 4.9.4
CVE-2019-19462
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (1)
### Vulnerability Details
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
Publish Date: 2019-11-30
URL: CVE-2019-19462
### CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19462
Release Date: 2019-11-30
Fix Resolution: v5.8-rc1
CVE-2011-4131
### Vulnerable Libraries - asuswrt-merlin380.70, asuswrt-merlin380.70
### Vulnerability Details
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
Publish Date: 2012-05-17
URL: CVE-2011-4131
### CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2011-4131
Release Date: 2012-05-17
Fix Resolution: v3.3-rc1,v3.2.2
CVE-2013-2896
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-ntrig.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-ntrig.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-ntrig.c
### Vulnerability Details
drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.
Publish Date: 2013-09-16
URL: CVE-2013-2896
### CVSS 3 Score Details (5.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2896
Release Date: 2013-09-16
Fix Resolution: v3.12-rc1
CVE-2014-3184
### Vulnerable Libraries - asuswrt-merlin380.70, asuswrt-merlin380.70, asuswrt-merlin380.70, asuswrt-merlin380.70, asuswrt-merlin380.70, asuswrt-merlin380.70
### Vulnerability Details
The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.
Publish Date: 2014-09-28
URL: CVE-2014-3184
### CVSS 3 Score Details (5.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-3184
Release Date: 2014-09-28
Fix Resolution: 3.16.2
CVE-2013-2892
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-pl.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-pl.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-pl.c
### Vulnerability Details
drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
Publish Date: 2013-09-16
URL: CVE-2013-2892
### CVSS 3 Score Details (5.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2892
Release Date: 2013-09-16
Fix Resolution: v3.12-rc1
CVE-2013-2893
### Vulnerable Libraries - asuswrt-merlin380.70, asuswrt-merlin380.70
### Vulnerability Details
The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
Publish Date: 2013-09-16
URL: CVE-2013-2893
### CVSS 3 Score Details (5.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2893
Release Date: 2013-09-16
Fix Resolution: v3.12-rc2
CVE-2013-2889
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-zpff.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-zpff.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-zpff.c
### Vulnerability Details
drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.
Publish Date: 2013-09-16
URL: CVE-2013-2889
### CVSS 3 Score Details (5.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2889
Release Date: 2013-09-16
Fix Resolution: v3.12-rc2
CVE-2022-41850
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-roccat.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-roccat.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/hid/hid-roccat.c
### Vulnerability Details
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
Publish Date: 2022-09-30
URL: CVE-2022-41850
### CVSS 3 Score Details (4.7)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2022-41850
Release Date: 2022-09-30
Fix Resolution: v4.9.331,v4.14.296,v4.19.262,v5.4.220,v5.10.150,v5.15.75,v6.0.3
CVE-2020-12652
### Vulnerable Library - asuswrt-merlin380.70
Enhanced version of Asus's router firmware (Asuswrt) (legacy code base)
Library home page: https://github.com/RMerl/asuswrt-merlin.git
Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5
Found in base branch: master
### Vulnerable Source Files (3)
/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/message/fusion/mptctl.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/message/fusion/mptctl.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/message/fusion/mptctl.c
### Vulnerability Details
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power."
Publish Date: 2020-05-05
URL: CVE-2020-12652
### CVSS 3 Score Details (4.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: High
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
### Suggested Fix
Type: Upgrade version
Origin: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.14
Release Date: 2020-06-13
Fix Resolution: 5.4.14