CVE-2011-0640
- EPSS 0.35%
- Veröffentlicht 25.01.2011 01:00:03
- Zuletzt bearbeitet 16.06.2026 23:27:47
The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated...
- EPSS 2.32%
- Veröffentlicht 07.12.2010 22:00:02
- Zuletzt bearbeitet 16.06.2026 23:24:17
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.
CVE-2009-1185
- EPSS 81.53%
- Veröffentlicht 17.04.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:41
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
CVE-2009-1186
- EPSS 0.54%
- Veröffentlicht 17.04.2009 14:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:41
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.