CVE-2014-3181
Last modified
CVE-2014-3181 is a vulnerability of currently unknown severity. Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.. EPSS estimates a 0.76% chance of exploitation in the next 30 days.
Description
Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.37, < 3.2.63 |
| Linux | Linux Kernel | >= 3.3, < 3.4.104 |
| Linux | Linux Kernel | >= 3.5, < 3.10.56 |
| Linux | Linux Kernel | >= 3.11, < 3.12.31 |
| Linux | Linux Kernel | >= 3.13, < 3.14.20 |
| Linux | Linux Kernel | >= 3.15, < 3.16.4 |
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c54def7bd64d7c0b6993336abcffb8444795bf38Broken Link, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.htmlThird Party Advisory, VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1318.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/09/11/21Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/69779Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2376-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2377-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2378-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2379-1Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1141173Issue Tracking
- https://code.google.com/p/google-security-research/issues/detail?id=100Third Party Advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c54def7bd64d7c0b6993336abcffb8444795bf38Broken Link, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.htmlThird Party Advisory, VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1318.htmlThird Party Advisory
- http://www.openwall.com/lists/oss-security/2014/09/11/21Mailing List, Third Party Advisory
- http://www.securityfocus.com/bid/69779Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2376-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2377-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2378-1Third Party Advisory
- http://www.ubuntu.com/usn/USN-2379-1Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1141173Issue Tracking
- https://code.google.com/p/google-security-research/issues/detail?id=100Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-3181?
How severe is CVE-2014-3181?
How do I fix CVE-2014-3181?
Are you affected by CVE-2014-3181?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST