UbuntuUSN-2376-1Linux kernel vulnerabilities
8.2 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.122 Low
EPSS
Percentile
95.3%
Releases
- Ubuntu 12.04
Packages
- linux - Linux kernel
Details
Steven Vittitoe reported multiple stack buffer overflows in Linux kernel’s
magicmouse HID driver. A physically proximate attacker could exploit this
flaw to cause a denial of service (system crash) or possibly execute
arbitrary code via specially crafted devices. (CVE-2014-3181)
A bounds check error was discovered in the driver for the Logitech Unifying
receivers and devices. A physically proximate attacker could exploit this
flaw to to cause a denial of service (invalid kfree) or to execute
arbitrary code. (CVE-2014-3182)
Ben Hawkes reported some off by one errors for report descriptors in the
Linux kernel’s HID stack. A physically proximate attacker could exploit
these flaws to cause a denial of service (out-of-bounds write) via a
specially crafted device. (CVE-2014-3184)
Several bounds check flaws allowing for buffer overflows were discovered in
the Linux kernel’s Whiteheat USB serial driver. A physically proximate
attacker could exploit these flaws to cause a denial of service (system
crash) via a specially crafted device. (CVE-2014-3185)
Steven Vittitoe reported a buffer overflow in the Linux kernel’s PicoLCD
HID device driver. A physically proximate attacker could exploit this flaw
to cause a denial of service (system crash) or possibly execute arbitrary
code via a specially craft device. (CVE-2014-3186)
A flaw was discovered in the Linux kernel’s UDF filesystem (used on some
CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause
CD, DVD or image file with a specially crafted inode to be mounted can
cause a denial of service (infinite loop or stack consumption).
(CVE-2014-6410)
James Eckersall discovered a buffer overflow in the Ceph filesystem in the
Linux kernel. A remote attacker could exploit this flaw to cause a denial
of service (memory consumption and panic) or possibly have other
unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416)
James Eckersall discovered a flaw in the handling of memory allocation
failures in the Ceph filesystem. A remote attacker could exploit this flaw
to cause a denial of service (system crash) or possibly have unspecified
other impact. (CVE-2014-6417)
James Eckersall discovered a flaw in how the Ceph filesystem validates auth
replies. A remote attacker could exploit this flaw to cause a denial of
service (system crash) or possibly have other unspecified impact.
(CVE-2014-6418)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 12.04 | noarch | linux-image-3.2.0-70-generic-pae | < 3.2.0-70.105 | UNKNOWN |
| Ubuntu | 12.04 | noarch | block-modules-3.2.0-70-generic-di | < 3.2.0-70.105 | UNKNOWN |
| Ubuntu | 12.04 | noarch | block-modules-3.2.0-70-virtual-di | < 3.2.0-70.105 | UNKNOWN |
| Ubuntu | 12.04 | noarch | crypto-modules-3.2.0-70-generic-di | < 3.2.0-70.105 | UNKNOWN |
| Ubuntu | 12.04 | noarch | crypto-modules-3.2.0-70-virtual-di | < 3.2.0-70.105 | UNKNOWN |
| Ubuntu | 12.04 | noarch | fat-modules-3.2.0-70-generic-di | < 3.2.0-70.105 | UNKNOWN |
| Ubuntu | 12.04 | noarch | fat-modules-3.2.0-70-virtual-di | < 3.2.0-70.105 | UNKNOWN |
| Ubuntu | 12.04 | noarch | fb-modules-3.2.0-70-generic-di | < 3.2.0-70.105 | UNKNOWN |
| Ubuntu | 12.04 | noarch | fb-modules-3.2.0-70-virtual-di | < 3.2.0-70.105 | UNKNOWN |
| Ubuntu | 12.04 | noarch | firewire-core-modules-3.2.0-70-generic-di | < 3.2.0-70.105 | UNKNOWN |
References
Related
8.2 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.122 Low
EPSS
Percentile
95.3%