UbuntuUSN-2379-1Linux kernel vulnerabilities
7.9 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.122 Low
EPSS
Percentile
95.3%
Releases
- Ubuntu 14.04 ESM
Packages
- linux - Linux kernel
Details
Steven Vittitoe reported multiple stack buffer overflows in Linux kernel’s
magicmouse HID driver. A physically proximate attacker could exploit this
flaw to cause a denial of service (system crash) or possibly execute
arbitrary code via specially crafted devices. (CVE-2014-3181)
Ben Hawkes reported some off by one errors for report descriptors in the
Linux kernel’s HID stack. A physically proximate attacker could exploit
these flaws to cause a denial of service (out-of-bounds write) via a
specially crafted device. (CVE-2014-3184)
Several bounds check flaws allowing for buffer overflows were discovered in
the Linux kernel’s Whiteheat USB serial driver. A physically proximate
attacker could exploit these flaws to cause a denial of service (system
crash) via a specially crafted device. (CVE-2014-3185)
Steven Vittitoe reported a buffer overflow in the Linux kernel’s PicoLCD
HID device driver. A physically proximate attacker could exploit this flaw
to cause a denial of service (system crash) or possibly execute arbitrary
code via a specially craft device. (CVE-2014-3186)
A flaw was discovered in the Linux kernel’s associative-array garbage
collection implementation. A local user could exploit this flaw to cause a
denial of service (system crash) or possibly have other unspecified impact
by using keyctl operations. (CVE-2014-3631)
A flaw was discovered in the Linux kernel’s UDF filesystem (used on some
CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause
CD, DVD or image file with a specially crafted inode to be mounted can
cause a denial of service (infinite loop or stack consumption).
(CVE-2014-6410)
James Eckersall discovered a buffer overflow in the Ceph filesystem in the
Linux kernel. A remote attacker could exploit this flaw to cause a denial
of service (memory consumption and panic) or possibly have other
unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416)
James Eckersall discovered a flaw in the handling of memory allocation
failures in the Ceph filesystem. A remote attacker could exploit this flaw
to cause a denial of service (system crash) or possibly have unspecified
other impact. (CVE-2014-6417)
James Eckersall discovered a flaw in how the Ceph filesystem validates auth
replies. A remote attacker could exploit this flaw to cause a denial of
service (system crash) or possibly have other unspecified impact.
(CVE-2014-6418)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | linux-image-3.13.0-37-generic | < 3.13.0-37.64 | UNKNOWN |
| Ubuntu | 14.04 | noarch | block-modules-3.13.0-37-generic-di | < 3.13.0-37.64 | UNKNOWN |
| Ubuntu | 14.04 | noarch | crypto-modules-3.13.0-37-generic-di | < 3.13.0-37.64 | UNKNOWN |
| Ubuntu | 14.04 | noarch | fat-modules-3.13.0-37-generic-di | < 3.13.0-37.64 | UNKNOWN |
| Ubuntu | 14.04 | noarch | fb-modules-3.13.0-37-generic-di | < 3.13.0-37.64 | UNKNOWN |
| Ubuntu | 14.04 | noarch | firewire-core-modules-3.13.0-37-generic-di | < 3.13.0-37.64 | UNKNOWN |
| Ubuntu | 14.04 | noarch | floppy-modules-3.13.0-37-generic-di | < 3.13.0-37.64 | UNKNOWN |
| Ubuntu | 14.04 | noarch | fs-core-modules-3.13.0-37-generic-di | < 3.13.0-37.64 | UNKNOWN |
| Ubuntu | 14.04 | noarch | fs-secondary-modules-3.13.0-37-generic-di | < 3.13.0-37.64 | UNKNOWN |
| Ubuntu | 14.04 | noarch | input-modules-3.13.0-37-generic-di | < 3.13.0-37.64 | UNKNOWN |
References
Related
7.9 High
AI Score
Confidence
High
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.122 Low
EPSS
Percentile
95.3%