CVE-2014-8884

Опубликовано: 14 нояб. 2014

Источник: redhat

CVSS2: 6

EPSS Низкий

Описание

Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.

A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2015:0864	21.04.2015
Red Hat Enterprise Linux 6.5 Extended Update Support	kernel	Fixed	RHSA-2015:0782	07.04.2015
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2015:0290	05.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-121

https://bugzilla.redhat.com/show_bug.cgi?id=1164266kernel: usb: buffer overflow in ttusb-dec

EPSS

Процентиль: 12%

0.00042

Низкий

6 Medium

CVSS2

Связанные уязвимости

CVE-2014-8884

ubuntu

больше 10 лет назад

CVE-2014-8884

nvd

больше 10 лет назад

CVE-2014-8884

debian

больше 10 лет назад

Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_ ...

GHSA-f8j8-r858-m4h4

github

около 3 лет назад

ELSA-2015-3013

oracle-oval

больше 10 лет назад

ELSA-2015-3013: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 12%

0.00042

Низкий

6 Medium

CVSS2