Vulnerabilities (CVE)

Filtered by vendor Udev Project Subscribe
Filtered by product Udev
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0640 1 Udev Project 1 Udev 2024-11-21 6.9 MEDIUM N/A
The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
CVE-2010-4176 3 Dracut Project, Fedoraproject, Udev Project 3 Dracut, Fedora, Udev 2024-11-21 4.0 MEDIUM N/A
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.
CVE-2009-1186 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 2.1 LOW N/A
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
CVE-2009-1185 7 Canonical, Debian, Fedoraproject and 4 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 7.2 HIGH N/A
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.