Vulnerability Details : CVE-2014-3183
Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2014-3183
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Threat overview for CVE-2014-3183
Top countries where our scanners detected CVE-2014-3183
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2014-3183 7,408
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-3183!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-3183
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3183
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2014-3183
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3183
-
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2
Mailing List;Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1141344
1141344 – (CVE-2014-3183) CVE-2014-3183 Kernel: HID: heap overflow due to lack of bounds checkingIssue Tracking
-
https://code.google.com/p/google-security-research/issues/detail?id=90
90 - Linux kernel hid-logitech-dj.c logi_dj_ll_raw_request heap overflow - project-zero - MonorailThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2014/09/11/21
oss-security - Multiple Linux USB driver CVE assignmentMailing List
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=51217e69697fba92a06e07e16f55c9a52d8e8945
Broken Link
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51217e69697fba92a06e07e16f55c9a52d8e8945
kernel/git/torvalds/linux.git - Linux kernel source treePatch
-
https://github.com/torvalds/linux/commit/51217e69697fba92a06e07e16f55c9a52d8e8945
HID: logitech: fix bounds checking on LED report size · torvalds/linux@51217e6 · GitHubThird Party Advisory
Jump to