Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-3185

Опубликовано: 24 авг. 2014
Источник: redhat
CVSS2: 6.2

Описание

Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.

A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.

Отчет

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelAffected
Red Hat Enterprise Linux 6kernelFixedRHSA-2014:184311.11.2014
Red Hat Enterprise Linux 6.5 Extended Update SupportkernelFixedRHSA-2015:028403.03.2015
Red Hat Enterprise Linux 7kernelFixedRHSA-2014:197109.12.2014
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2014:131829.09.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1141400Kernel: USB serial: memory corruption flaw

6.2 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-3185

ubuntu
больше 11 лет назад

Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.

nvd логотип

CVE-2014-3185

nvd
больше 11 лет назад

Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.

msrc логотип

CVE-2014-3185

msrc
почти 2 года назад

Описание отсутствует

debian логотип

CVE-2014-3185

debian
больше 11 лет назад

Multiple buffer overflows in the command_port_read_callback function i ...

github логотип

GHSA-2jr7-m5j8-2vf4

github
больше 3 лет назад

Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.

6.2 Medium

CVSS2