| Description: | Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. It was discovered that a heap based buffer overflow existed in the USB HID driver in the Linux kernel. A local attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code.
|