CVE-2014-3184

Impact:
Low
Public Date:
2014-08-21
CWE:
CWE-193
Bugzilla:
1141391: CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routines
Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer.

Find out more about CVE-2014-3184 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.

CVSS v2 metrics

Base Score 1.2
Base Metrics AV:L/AC:H/Au:N/C:N/I:P/A:N
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (kernel) RHSA-2015:1272 2015-07-20
Red Hat Enterprise Linux 7 (kernel) RHSA-2014:1971 2014-12-09
Red Hat MRG Grid for RHEL 6 Server v.2 (kernel-rt) RHSA-2014:1318 2014-09-29

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 kernel Not affected
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.
Last Modified