Vulnerability Details : CVE-2014-3186
Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2014-3186
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3186
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3186
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2014-3186
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3186
-
https://github.com/torvalds/linux/commit/844817e47eef14141cf59b8d5ac08dd11c0a9189
HID: picolcd: sanity check report size in raw_event() callback · torvalds/linux@844817e · GitHubThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
[security-announce] SUSE-SU-2015:0481-1: important: Security update forMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2376-1
USN-2376-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=844817e47eef14141cf59b8d5ac08dd11c0a9189
Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
[security-announce] openSUSE-SU-2015:0566-1: important: kernel update foMailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1141407
1141407 – (CVE-2014-3186) CVE-2014-3186 Kernel: HID: memory corruption via OOB writeIssue Tracking;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2377-1
USN-2377-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2378-1
USN-2378-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://code.google.com/p/google-security-research/issues/detail?id=101
101 - PicoLCD HID device driver pool overflow - project-zero - MonorailThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2014/09/11/22
oss-security - Re: Multiple Linux USB driver CVE assignmentMailing List
-
http://www.securityfocus.com/bid/69763
Linux Kernel PicoLCD HID Device Driver Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=844817e47eef14141cf59b8d5ac08dd11c0a9189
kernel/git/torvalds/linux.git - Linux kernel source tree
-
http://www.ubuntu.com/usn/USN-2379-1
USN-2379-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to