// For flags

CVE-2014-3184

Kernel: HID: off by one error in various _report_fixup routines

Severity Score

4.7
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.

Las funciones report_fixup en el subsistema HID en el kernel de Linux anterior a 3.16.2 podrían permitir a atacantes físicamente próximos causar una denegación de servicio (escritura fuera de rango) a través de un dispositivo manipulado que proporciona un descriptor de informes pequeño, relacionado con (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, y (6) drivers/hid/hid-sunplus.c.

Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-03 CVE Reserved
  • 2014-09-28 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-193: Off-by-one Error
CAPEC
References (20)
URL Tag Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ab25786c87eb20857bbb715c3ae34ec8fd6a214 X_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2014/09/11/21 Mailing List
http://www.securityfocus.com/bid/69768 Vdb Entry
https://code.google.com/p/google-security-research/issues/detail?id=91 X_refsource_misc
https://github.com/torvalds/linux/commit/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 X_refsource_confirm
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2014-1318.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1272.html 2023-11-07
http://www.ubuntu.com/usn/USN-2374-1 2023-11-07
http://www.ubuntu.com/usn/USN-2375-1 2023-11-07
http://www.ubuntu.com/usn/USN-2376-1 2023-11-07
http://www.ubuntu.com/usn/USN-2377-1 2023-11-07
http://www.ubuntu.com/usn/USN-2378-1 2023-11-07
http://www.ubuntu.com/usn/USN-2379-1 2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1141391 2015-07-20
https://access.redhat.com/security/cve/CVE-2014-3184 2015-07-20
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 3.16.1
Search vendor "Linux" for product "Linux Kernel" and version " <= 3.16.1"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 3.16.0
Search vendor "Linux" for product "Linux Kernel" and version "3.16.0"
-
Affected