F5F5:K15911K15911 : Linux kernel vulnerabilities CVE-2014-3182 and CVE-2014-3183
8.3 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
33.2%
Security Advisory Description
Description
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.
Impact
None. F5 products are not affected by this vulnerability.
Status
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
| Product | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature |
|---|---|---|---|
| BIG-IP LTM | None | ||
| 11.0.0 - 11.6.0 | |||
| 10.0.0 - 10.2.4 | None | ||
| BIG-IP AAM | None | ||
| 11.4.0 - 11.6.0 | |||
| None | |||
| BIG-IP AFM | None | ||
| 11.3.0 - 11.6.0 | |||
| None | |||
| BIG-IP Analytics | None | ||
| 11.0.0 - 11.6.0 | |||
| None | |||
| BIG-IP APM | None | 11.0.0 - 11.6.0 | |
| 10.1.0 - 10.2.4 | None | ||
| BIG-IP ASM | None | 11.0.0 - 11.6.0 | |
| 10.0.0 - 10.2.4 | None | ||
| BIG-IP Edge Gateway | |||
| None | 11.0.0 - 11.3.0 | ||
| 10.1.0 - 10.2.4 | None | ||
| BIG-IP GTM | None | 11.0.0 - 11.6.0 | |
| 10.0.0 - 10.2.4 | None | ||
| BIG-IP Link Controller | None | 11.0.0 - 11.6.0 | |
| 10.0.0 - 10.2.4 | None | ||
| BIG-IP PEM | None | ||
| 11.3.0 - 11.6.0 | |||
| None | |||
| BIG-IP PSM | None | 11.0.0 - 11.4.1 | |
| 10.0.0 - 10.2.4 | None | ||
| BIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 | |
| 10.0.0 - 10.2.4 | None | ||
| BIG-IP WOM | None | 11.0.0 - 11.3.0 | |
| 10.0.0 - 10.2.4 | None | ||
| ARX | None | ||
| 6.0.0 - 6.4.0 | None | ||
| Enterprise Manager | None | ||
| 3.0.0 - 3.1.1 | |||
| 2.1.0 - 2.3.0 | None | ||
| FirePass | None | 7.0.0 | |
| 6.0.0 - 6.1.0 | None | ||
| BIG-IQ Cloud | None | ||
| 4.0.0 - 4.4.0 | |||
| None | |||
| BIG-IQ Device | None | ||
| 4.2.0 - 4.4.0 | |||
| None | |||
| BIG-IQ Security | None | ||
| 4.0.0 - 4.4.0 | |||
| None | |||
| LineRate | None | 2.2.0 - 2.5.0 | |
| 1.6.0 - 1.6.4 | |||
| None | |||
| F5 WebSafe | None | 1.0.0 | None |
Recommended Action
None
Supplemental Information
Related
8.3 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
33.2%