CVE-2014-3184
Kernel: HID: off by one error in various _report_fixup routines
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.
Las funciones report_fixup en el subsistema HID en el kernel de Linux anterior a 3.16.2 podrían permitir a atacantes físicamente próximos causar una denegación de servicio (escritura fuera de rango) a través de un dispositivo manipulado que proporciona un descriptor de informes pequeño, relacionado con (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, y (6) drivers/hid/hid-sunplus.c.
Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-05-03 CVE Reserved
- 2014-09-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-193: Off-by-one Error
CAPEC
References (20)
URL | Tag | Source |
---|---|---|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ab25786c87eb20857bbb715c3ae34ec8fd6a214 | X_refsource_confirm | |
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2014/09/11/21 | Mailing List | |
http://www.securityfocus.com/bid/69768 | Vdb Entry | |
https://code.google.com/p/google-security-research/issues/detail?id=91 | X_refsource_misc | |
https://github.com/torvalds/linux/commit/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html | 2023-11-07 | |
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html | 2023-11-07 | |
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html | 2023-11-07 | |
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2014-1318.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2015-1272.html | 2023-11-07 | |
http://www.ubuntu.com/usn/USN-2374-1 | 2023-11-07 | |
http://www.ubuntu.com/usn/USN-2375-1 | 2023-11-07 | |
http://www.ubuntu.com/usn/USN-2376-1 | 2023-11-07 | |
http://www.ubuntu.com/usn/USN-2377-1 | 2023-11-07 | |
http://www.ubuntu.com/usn/USN-2378-1 | 2023-11-07 | |
http://www.ubuntu.com/usn/USN-2379-1 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1141391 | 2015-07-20 | |
https://access.redhat.com/security/cve/CVE-2014-3184 | 2015-07-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 3.16.1 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.16.1" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.16.0 Search vendor "Linux" for product "Linux Kernel" and version "3.16.0" | - |
Affected
|