Udev Security Vulnerabilities and Issues — Udev CVE List

Lucene search

Udev ProjectUdev

4 matches found

CVE•added 2009/04/17 2:30 p.m.•203 views

CVE-2009-1185

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

7.2CVSS7.4AI score0.86494EPSS

CVE•added 2009/04/17 2:30 p.m.•82 views

CVE-2009-1186

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

2.1CVSS6AI score0.00087EPSS

CVE•added 2011/01/25 1:0 a.m.•50 views

CVE-2011-0640

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a ...

6.9CVSS9.5AI score0.0007EPSS

CVE•added 2010/12/07 10:0 p.m.•46 views

CVE-2010-4176

plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.

4CVSS8.4AI score0.00177EPSS